- EBF underlines importance of privacy and security under PSD2
BRUSSELS, 2 June 2017 – In the context of the second EU Payment Services Directive (PSD2) the European Banking Federation would like to underline that banks in the European Union fully support the creation of an efficient and effective EU ecosystem of interoperable interfaces for secure and reliable communication via the banks’ infrastructure between third-party payment service providers, known as TPPs, and clients.
Customers expect banks to protect their personal data. Data protection is at the core of trust in financial institutions. That is why the EBF, taking note of the European Commission’s response to the European Banking Authority (EBA) on its regulatory and technical standards for strong customer authentication under PSD2, would like to reiterate its concerns over the consequences of the amendment proposed by the European Commission.
Even though TPPs would have to identify themselves towards banks, they would still have access, at minima, to all the balances of all the accounts held by clients when clients pay on the internet through the existing practice known as ‘screen scraping’. The privacy of client data, cybersecurity and innovation are all at risk if ‘screen-scraping’ is allowed to continue once PSD2 enters into force next year. Clients must be able to choose which account data they want to share with payment service providers and which not. When a TPP accesses consumer accounts via ‘screen scraping’ services, even when identifying themselves to a bank, consumers are still not able to contain this TPP access to their account information, thus endangering the privacy of their data.
Banks instead favour an EU ecosystem for third-party access to consumer account data that is secure, reliable and interoperable, either through introducing Application Programming Interfaces, or APIs, or by upgrading existing bank interfaces. Only thus can TPP access be contained to only the data for which the consumer has given explicit consent. Such new and innovative financial technology would ensure compliance with the EU’s new privacy requirements under the General Data Protection Regulation (GDPR) that enters into force in May 2018. Banks in several EU Member States have already developed sector-wide APIs for third-party access to client accounts.
Media contact:
Raymond Frenken, Head of Communications, +32 496 52 59 47, r.frenken@ebf.eu
About the EBF:
The European Banking Federation is the voice of the European banking sector, uniting 32 national banking associations in Europe that together represent some 4,500 banks – large and small, wholesale and retail, local and international – employing about 2.1 million people.EBF members represent banks that make available loans to the European economy in excess of €20 trillion and that securely handle more than 400 million payment transactions per day. Launched in 1960, the EBF is committed to creating a single market for financial services in the European Union and to supporting policies that foster economic growth.
Subscribe to the EBF Weekly + FinReg Agenda
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
EU Banks for Ukraine
