Published: 4 July 2018
ESBG welcomes that banks can be exempted by the national competent authorities from having to provide this fall-back option if the APIs used prove to meet market acceptance criteria. Only PSD2 compliance should be taken into account when assessing those APIs.
Five months after the deadline for transposing PSD2, which occured in January 2018, only 18 Member States have fully transposed the directive. Key concerns for ESBG are the conditions under which third-party providers (TPPs) can access payment accounts and can initiate payments from those accounts. Although the European Commission confirms the mandatory use of “dedicated interfaces”, also known as APIs, it also opened the door to less secure communications by mandating a fall-back option very much akin to screen scraping, allegedly to ensure business continuity. ESBG members are deeply concerned by the business, operational, and cost risks and issues that the introduction of this fall-back poses to the supply and hence demand sides, in the absence of any proper understanding of the online banking environment and its evolution.