The revised EU Payment Services Directive (PSD2) entered into force in January 2016 and has to be transposed into member states’ national law within two years. It enables third-party payment service providers to access various functionalities of payment accounts operated online by customers. Account-servicing payment service providers are required to make available access and all relevant information to third-party service providers free of charge.
Specifically, this covers the following three services:
As regards the electronic interface, the European Banking Authority (EBA) will be required to draft and present to the European Commission regulatory technical standards (RTSs) for authentication and secure communication within 12 months after the entry into force of PSD2. Following their adoption by the Commission, the market will have a period of 18 months to implement them.
EBA will, however, merely define generic requirements, so that uniform EU-wide implementation cannot be ensured. Implementation of the technical requirements will ultimately be left to the market. This harbours the danger that both banks and third-party service providers will have to support several different standards and that the goal of harmonisation will not be achieved. This is unlikely to be in the interests of either regulators or banks and third-party service providers.
The German Banking Industry Committee (GBIC), together with STUZZA (Austria) and SIX (Switzerland), therefore call for uniform interoperable communication between third-party service providers and banks in Europe, which, in turn, presupposes that there is a common interface standard. They would like to see a broad and accepted market standard established quickly at European level.
General requirements for this are outlined in a presentation, with a GBIC white paper containing more detailed requirements.