26 July 2019
The European Banking Authority (EBA) published today clarifications to a fourth set of issues that had been raised by participants of its Working Group (WG) on APIs under PSD2. The clarifications respond to issues raised on the confirmation of payment execution, biometrics and authentication on mobile apps, access to non-payment account information, stress testing, qualified eIDAS certificates for Account Servicing Payment Service Providers (ASPSPs), the 4 times per day access by Account Initiation Service Providers (AISPs), and the Sharing of payment account number with Payment Initiation Service Providers (PISPs).
In January 2019, the EBA established a Working Group (WG) on APIs under PSD2, consisting of 30 individuals representing account servicing payment service providers (ASPSPs), third party providers (TPPs), API initiatives, and others market participants. The aim of the group is to facilitate industry preparedness for the Regulatory Technical Standard (RTS) on Strong Customer Authentication and Common and Secure Communication and to support the development of high-performing and customer-focused APIs under PSD2.
The group is tasked with identifying issues and challenges that market participants face during the testing and use of API interfaces in the period leading up to the application date of the RTS on 14 September 2019. The group is also asked to propose solutions on how the identified issues could be addressed, which the EBA and national authorities will then consider when providing clarifications in response to the issues raised.
On 11 March, 1 April and 26 April 2019, the EBA published clarifications to the first, second and third set of issues that had been raised by the working group. Today's publication is the response to the fourth set of issues. In the weeks to come, the EBA will add further clarifications.