The European Banking Authority (“EBA“) has published an Opinion on obstacles to the provision of third party provider services (“TPPs”) under the Regulatory Technical Standards (“RTS“) on strong customer authentication (“SCA“) and common and secure communication (“CSC“).
EBA says the Opinion aims to support the objectives of the revised Payment Services Directive (“PSD2“) of enabling customers to use new and innovative payment services offered by TPPs by addressing a number of issues regarding the interfaces provided by account servicing payment service providers (“ASPSPs”) to TPPs.
Specifically, the Opinion clarifies when mandatory redirection is an obstacle to the provision of TPPs’ services and the authentication procedures that ASPSPs’ interfaces are required to support. It also offers clarity on obstacles identified in the market, including requiring multiple SCAs, the manual entry of the IBAN in the ASPSPs’ domain, or imposing additional checks of the consent given by the customer to the TPP. The Opinion explains that requiring re-authentication every 90 days for account information services in line with the RTS on SCA&CSC is not an obstacle.
EBA expects Competent Authorities to take necessary action to ensure compliance of the interfaces offered by ASPSPs with the PSD2 and the RTS, and to ensure that ASPSPs quickly remove any obstacles identified. EBA will monitor the way in which clarifications provided in the Opinion are taken into account and will take action to remedy any inconsistencies it identifies.