EBA issues further clarifications on PSD2

The European Banking Authority (EBA) has published further clarifications to its guidance on Application Programming Interfaces (APIs) under second Payment Services Directive (PSD2) legislation after a fifth set of issues had been raised by participants of its working group.

The latest clarifications, which are aimed at explaining the mechanisms of the rules, respond to issues raised on the measurement of response times of the dedicated interface, the machine-readability of the EBA register, reliance on eIDAS certificates and various issues related to the contingency measures, including the identification of third party providers through ‘guest books' and the fact that the data that can be accessed as well as documentation.

It comes after the EBA published an opinion on Strong Customer Authentication (SCA) in June, acknowledging that implementing the new standards might be difficult for some merchants, with many being at risk of missing the deadline.

Last week, the FCA confirmed it was planning to grant the payments and e-commerce industry 18 months of extra time to implement SCA.

In January 2019, the EBA established a working group on APIs under PSD2, consisting of 30 individuals representing account servicing payment service providers (ASPSPs), third party providers (TPPs), API initiatives and other market participants.

The aim of the group is to facilitate industry preparedness for the Regulatory Technical Standard (RTS) on SCA authentication and secure communication to support the development of high-performing and customer-focused APIs under PSD2.

The group was tasked with identifying issues and challenges that market participants face during the testing and use of API interfaces in the period leading up to the application date of the RTS on 14 September 2019.

The group was also asked to propose solutions on how the identified issues could be addressed, which the EBA and national authorities would then consider when providing clarifications in response to the issues raised.

Last week, the FCA confirmed it was planning to grant the payments and e-commerce industry 18 months of extra time to implement SCA.

In January 2019, the EBA established a working group on APIs under PSD2, consisting of 30 individuals representing account servicing payment service providers (ASPSPs), third party providers (TPPs), API initiatives and other market participants.

The aim of the group is to facilitate industry preparedness for the Regulatory Technical Standard (RTS) on SCA authentication and secure communication to support the development of high-performing and customer-focused APIs under PSD2.

The group was tasked with identifying issues and challenges that market participants face during the testing and use of API interfaces in the period leading up to the application date of the RTS on 14 September 2019.

The group was also asked to propose solutions on how the identified issues could be addressed, which the EBA and national authorities would then consider when providing clarifications in response to the issues raised.

    Share Story:

Recent Stories


Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Transforming document management into a strategic advantage for financial institutions
In this exclusive fireside chat, John Rockliffe, Pre-Sales Manager at d.velop, discusses the findings of Adapting to a Digital-Native World: Financial Services Document Management Beyond 2025 and explores how FSIs can turn document workflows into a competitive advantage.

Sanctions evasion in an era of conflict: Optimising KYC and monitoring to tackle crime
The ongoing war in Ukraine and resulting sanctions on Russia, and the continuing geopolitical tensions have resulted in an unprecedented increase in parties added to sanctions lists.

Achieving operational resilience in the financial sector: Navigating DORA with confidence
Operational resilience has become crucial for financial institutions navigating today's digital landscape riddled with cyber risks and challenges. The EU's Digital Operational Resilience Act (DORA) provides a harmonised framework to address these complexities, but there are key factors that financial institutions must ensure they consider.