28 May 2018
https://www.avoka.com

Commission sets deadline for banks to meet new payment standards

27 November 2017  |  17863 views  |  0 Euro puzzle 5

European banks and service providers have been given an 18-month deadline to adopt new security measures and provisions for customer data exchange as mandated by the EU's revised Payments Service Directive (PSD2).

Although PSD2 comes into effect on January 2018, two of the most contentious measures in the rule-book, relating to more stringent security measures for payments transactions and the abolition of 'screen-scraping', will now be considered actionable 18-months after the relevant Regulatory Technical Standards (RTS) are published in the Official Journal of the EU, scheduled for September, 2019.

"Payment market players need this transition period to upgrade their payments security systems so that they meet the RTS requirements," states the Commission. "This means that the PSD2 provisions on strong customer authentication and on secure communication, which are directly specified in the RTS, will not apply immediately."

Europe's banks and tech companies have been eagerly awaiting the completion of the RTS for PSD2, which have been held up by competing claims and lobbying from vested parties.

Under the revised rules, the simple provision of a password or details shown on a credit card will, in most situations, no longer be sufficient to make a payment. In certain cases, a code that is only valid for a given transaction will be needed together with two independent elements, which could be a physical item - a card or mobile phone - combined with a password or a biometric feature, such as fingerprints before making a payment.

Payment service providers may be exempted if they have developed ways of assessing the risks of transactions and can identify fraudulent transactions. Exemptions also exist for contactless payments and transactions for small amounts, and particular types of payments such as urban transport fares or parking fees.

The rules also specify the obligations of banks for the provision of third party account information tools. According to the RTS, screen-scraping of account data from bank Web sites will be off-the-table and replaced by new interfaces provided by banks.

Payment service providers, including banks, will have to define transparent key performance indicators and service level targets for the dedicated communication interfaces. These "should be at least as stringent as those set for the online payment and banking platforms used by the customers".

The Commission says all communication interfaces, whether dedicated or not, will be subject to a 3-month 'prototype' test and a 3-month 'live' test in market conditions.

The Commission is promoting the set-up of a market group, composed of representatives from banks, payment initiation and account information service providers and payment service users to review the quality of bank interfaces for customer data sharing. Banks that fail to pass muster will have to provide a 'fall-back' contingency for third parties to gain unrestricted rights to direct access to the bank account as provided for in PSD2, a compromise amendment that has been welcomed by startup campaigning groups.

The European Parliament and the Council now have three months to scrutinise the RTS before they are placed on the statute book.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

UK Open Banking expanded to cover all PSD2 products

UK Open Banking expanded to cover all PSD2 products

22 November 2017  |  18242 views  |  3 comments | 27 tweets | 51 linkedin
PSD2: Brits don't trust retailers and social media platforms with bank details

PSD2: Brits don't trust retailers and social media platforms with bank details

02 October 2017  |  16381 views  |  12 comments | 38 tweets | 64 linkedin
EBA rejects Commission amendments on screen scraping under PSD2

EBA rejects Commission amendments on screen scraping under PSD2

30 June 2017  |  25960 views  |  16 comments | 46 tweets | 63 linkedin
Berlin Group to publish single API standard for PSD2

Berlin Group to publish single API standard for PSD2

13 June 2017  |  18829 views  |  0 comments | 29 tweets | 62 linkedin
Countdown to PSD2: Finextra surveys financial institutions on readiness and strategies

Countdown to PSD2: Finextra surveys financial institutions on readiness and strategies

05 June 2017  |  15146 views  |  0 comments | 10 tweets | 5 linkedin
European Commission calls on EBA to rethink screen scraping ban

European Commission calls on EBA to rethink screen scraping ban

22 May 2017  |  11273 views  |  0 comments | 17 tweets | 21 linkedin
Fintech coalition formed to fight EBA plans to outlaw screen scraping

Fintech coalition formed to fight EBA plans to outlaw screen scraping

05 May 2017  |  11771 views  |  5 comments | 30 tweets | 23 linkedin
EBA to relax controversial PSD2 authentication rules

EBA to relax controversial PSD2 authentication rules

21 February 2017  |  22386 views  |  8 comments | 56 tweets | 77 linkedin
EBA bends under weight of PSD2 mandates

EBA bends under weight of PSD2 mandates

07 December 2016  |  16360 views  |  2 comments | 39 tweets | 55 linkedin
EBA told that tougher authentication will have a "chilling" effect on single market

EBA told that tougher authentication will have a "chilling" effect on single market

28 November 2016  |  8061 views  |  5 comments | 18 tweets | 21 linkedin
Banks unsure on response to PSD2 upheaval

Banks unsure on response to PSD2 upheaval

12 August 2016  |  11045 views  |  0 comments | 19 tweets | 28 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit www.abe-eba.euvisit www.ebaday.comVisit www.niceactimize.com

Who is commenting?

Top topics

Most viewed Most shared
satelliteAnt Financial provides tech for China Ever...
37057 views comments | 3 tweets | 2 linkedin
Digital banking transformation creating new systemic risksDigital banking transformation creating ne...
9304 views comments | 18 tweets | 26 linkedin
MUFG to roll out blockchain payment network next yearMUFG to roll out blockchain payment networ...
7910 views comments | 13 tweets | 13 linkedin
ING opens developer portalING opens developer portal
7582 views comments | 16 tweets | 23 linkedin
PayPal and Google bind payment railsPayPal and Google bind payment rails
7403 views comments | 11 tweets | 16 linkedin

Featured job

Basic c Euro 120K, Variable Euro 120K - full ben...
Paris prefered London possible

Find your next job