 |
The European Commission has announced the final regulatory technical standards (RTS) for PSD2. Published on November 27, its recommendations would see screen scraping outlawed, and increase the strength of customer authentication needed to complete a transaction.
 |
| Kevin Bocek, Venafi |
Kevin Bocek, vice president of security strategy and threat intelligence at cybersecurity company Venafi, says: “The ban on screen scraping is perhaps the most significant aspect of the RTS. It will really drive a lot of change.” The ban will hit a number of third party providers (TPP) whose business models are based on the ability to screen scrape. Their systems work by accessing customer’s information and using it in their place, while looking to the bank’s systems as if it was the customer themselves. Now it will be obvious to the bank that it is not the customer who is accessing their account.
Bocek says: “The rules are putting the banks back in control. They will be able to set the boundaries on which interfaces the third parties need to use. It will create a lot of problems for these companies operating solely as TPP.