Open banking is a simple-sounding concept – the rules around it, however, are anything but.
Under the European Union’s second payment services directive (PSD2), strong customer authentication (SCA) aims to ensure that the third parties that banks deal with are who they claim they are.
To meet this need, adequate proof must be provided. This proof comes in the form of two or more elements defined as knowledge (something only the user knows), possession (something only the user possesses) or inherence (something that the user is).
Before a transaction can be made, the regulator wants to ensure that the third-party payment service providers (TPPs) involved can process the transactions as they claim, and that neither the sender nor the recipient is falling victim to fraud.
This step came as part of the final list of regulatory technical standards published by the European Banking Authority in February to comply fully with PSD2. The new rules firmly mandated the use of digital certificates as proof of identity.
This change is a step towards bringing TPPs under regulatory scrutiny – something which, much to the chagrin of many banks, they have largely avoided so far.