Articles Published  02.06.2017

Back

EBF statement on EU Commission position on EBA RTS for PSD2


©The European Banking Federation

  Source: The European Banking Federation


EBF underlines importance of privacy and security under the second EU Payment Services Directive (PSD2).

In the context of the PSD2, the EBF would like to underline that banks in the European Union fully support the creation of an efficient and effective EU ecosystem of interoperable interfaces for secure and reliable communication via the banks’ infrastructure between third-party payment service providers, known as TPPs, and clients.

Customers expect banks to protect their personal data. Data protection is at the core of trust in financial institutions. That is why the EBF, taking note of the European Commission’s response to the European Banking Authority (EBA) on its regulatory and technical standards for strong customer authentication under PSD2, would like to reiterate its concerns over the consequences of the amendment proposed by the European Commission.

Even though TPPs would have to identify themselves towards banks, they would still have access, at minima, to all the balances of all the accounts held by clients when clients pay on the internet through the existing practice known as ‘screen scraping’. The privacy of client data, cybersecurity and innovation are all at risk if ‘screen-scraping’ is allowed to continue once PSD2 enters into force next year. Clients must be able to choose which account data they want to share with payment service providers and which not. When a TPP accesses consumer accounts via ‘screen scraping’ services, even when identifying themselves to a bank, consumers are still not able to contain this TPP access to their account information, thus endangering the privacy of their data.

Banks instead favour an EU ecosystem for third-party access to consumer account data that is secure, reliable and interoperable, either through introducing Application Programming Interfaces, or APIs, or by upgrading existing bank interfaces. Only thus can TPP access be contained to only the data for which the consumer has given explicit consent. Such new and innovative financial technology would ensure compliance with the EU’s new privacy requirements under the General Data Protection Regulation (GDPR) that enters into force in May 2018. Banks in several EU Member States have already developed sector-wide APIs for third-party access to client accounts.

The author of this article is solely responsible for the content published.

Interested to
become a member?

ABBL membership gives you the advantage of working side by side with your peers. So, why not join and become an active member of our community?

Become a member

Agenda stay tuned

Stay tuned or participate at ABBL, its members, or other financial sector actors’ events.

Check the calendar

ABBL
Association des Banques et Banquiers, Luxembourg
12, rue Erasme | L-1468 Luxembourg
Tél.: (+352) 46 36 601 | Fax: (+352) 46 09 21
Email: mail@abbl.lu
Heures d'ouverture:
Du Lundi au vendredi de 8h00 à 17h30


Conception & design E-connect, powered by Quilium

We use cookies to ensure the best experience on our website. By accepting you agree the use of cookies. OK Learn more