European savings and co-operative banks join screen-scraping row

European savings and co-operative banks join screen-scraping row

Trade groups representing over 5000 European savings and co-operative banks have called on the European Banking Authority to reject Commission amendments to the revised Payment Services Directive which would require banks to provide a fall-back interface to screen-scraping technology for third party access to consumer bank data.

The proposals to outlaw screen scraping in favour of bank-led access to client data under APIs were first trailed by the publication of the EBA's Regulatory Technical Standards for PSD2 in February.

The suggestion has led to an uproar among mature fintech startups, who have lobbied hard for a reversal of the decision, claiming that the reforms will provide banks with the means to control what data is shared, putting new entrants at a disadvantage.

The European Commission has since intervened on their behalf, asking the EBA not to ban screen scraping outright but to hold it in reverse as a back-up mechanism should bank interfaces fail to function properly.

In their joint submission to the EBA, the European Savings and Retail Banking Group (ESBG) and the European Association of Co-operative Banks (EACB), argue that the Commission's position willfully misunderstands the functioning of online banking architecure, nor takes account of the resources and costs required to provide a fail-back interface.

The lobby has suggest a compromise proposal which suggests that the EBA define a minimum average availability rate of the designated interface that would release compliant banks from the burden of providing a screen-scraping fall back.

The ESBG and EACB's complaints follow an earlier intervention by the European Banking Federation, which contended that the privacy of client data, cybersecurity and innovation would all be at risk should the Commission force the EBA to backtrack on its plans.

Comments: (1)

Arjeh Van Oijen
Arjeh Van Oijen - Icon Solutions - Amsterdam 29 June, 2017, 07:32Be the first to give this comment the thumbs up 0 likes

Absence of service level specification of the PSD2 API services is a gap in PSD2 at the moment. It is not only availability, but also response times and the maximum numer of API request one TPP can send in per second. In addition it is recommended to specify what the response of the payment initiation implies. Does that mean the payment has been received, payment is validated and is going to be processed, payment is guaranteed and fraud check, AML check and funds reservation/debit have taken place so that the payment can't be rejected anymore by the debtor bank. If the end user buys a product in a store (or online) it is relevant for the merchant to have the guarentee it is going to receive the funds because as it will be handing over the goods which is irreversable. If this is going to be different from bank to bank the relevance of PSD2 may become significant less.