UK watchdog scraps 90-day reauthentication rule for Open Banking

The Financial Conduct Authority (FCA) has revealed that customers will no longer need to reauthenticate with their account servicing payment service provider every three months as part of Strong Customer Authentication (SCA) rules.

Previously, customers were required to reauthenticate every 90 days to continue accessing account information through a third-party provider (TPP).

The regulator explained that the reauthentication process was one of the key barriers to the continued development and uptake of Open Banking because it creates friction for customers when using TPP services and “increases the likelihood of customers dropping off.”

However, SCA will continue to be required when customers first decide to connect their account to a third-party service, and TPPs will still need to reconfirm their customers’ consent every three-months.

“We consider that these measures are proportionate, taking into account the level of risk,” said the UK watchdog in a policy statement. “They balance the need to protect consumers from TPP access without explicit consent, and unwittingly sharing data, with reducing friction for customers."

The FCA identified the use of existing customer interfaces, or modified customer interfaces (MCIs), that are not specifically designed for TPPs to access customer account information, as another barrier to Open Banking.

“Many TPPs face operational difficulty when accessing customers’ payment accounts via MCIs,” added the authority. “This has discouraged them from serving customers whose account providers enable access through MCIs.”

The regulator now requires some account servicing payment service providers to have dedicated interfaces so that TPPs have access to customer account information for retail and SME payment accounts. Alongside this, rules on providing interface technical specifications, testing interfaces, and fallback interfaces by these payment service providers will be amended so that they can launch products and services more quickly.

Finally, the FCA said that it will allow account servicing payment service providers with a deemed authorisation under the Temporary Permissions Regime (TPR) to rely in the UK on an exemption from setting up a fallback interface granted by a home state competent authority located in the EU.

    Share Story:

Recent Stories


New Business Frontiers
FStech’s Mark Evans discusses the future of financial services with Liu Jianning of Huawei, covering the limitations that current thinking can impose, how financial institutions can embrace technology to be both agile and resilient, and making space for the organisation to focus on the job of creating innovative business models and on delivering business value for their customers.

The Future of Intelligent Finance
FStech Group Editor Mark Evans sits down with Jason Cao, President of Global Financial Services Business Unit, Enterprise BG at Huawei ahead of its Intelligent Finance Summit which was held on 3rd and 4th of June in Shanghai. This Q&A delves into key trends in digital transformation of the financial services industry as well as a look at how data, robotic infrastructure, intelligent storage and innovative technologies are shaping the future for FSIs.

Cracking down on fraud
In this webinar a panel of expert speakers explored the ways in which high-volume PSPs and FinTechs are preventing fraud while providing a seamless customer experience.