- EBF underlines importance of privacy and security under PSD2
BRUSSELS, 2 June 2017 – In the context of the second EU Payment Services Directive (PSD2) the European Banking Federation would like to underline that banks in the European Union fully support the creation of an efficient and effective EU ecosystem of interoperable interfaces for secure and reliable communication via the banks’ infrastructure between third-party payment service providers, known as TPPs, and clients.
Customers expect banks to protect their personal data. Data protection is at the core of trust in financial institutions. That is why the EBF, taking note of the European Commission’s response to the European Banking Authority (EBA) on its regulatory and technical standards for strong customer authentication under PSD2, would like to reiterate its concerns over the consequences of the amendment proposed by the European Commission.
Even though TPPs would have to identify themselves towards banks, they would still have access, at minima, to all the balances of all the accounts held by clients when clients pay on the internet through the existing practice known as ‘screen scraping’. The privacy of client data, cybersecurity and innovation are all at risk if ‘screen-scraping’ is allowed to continue once PSD2 enters into force next year. Clients must be able to choose which account data they want to share with payment service providers and which not. When a TPP accesses consumer accounts via ‘screen scraping’ services, even when identifying themselves to a bank, consumers are still not able to contain this TPP access to their account information, thus endangering the privacy of their data.
Banks instead favour an EU ecosystem for third-party access to consumer account data that is secure, reliable and interoperable, either through introducing Application Programming Interfaces, or APIs, or by upgrading existing bank interfaces. Only thus can TPP access be contained to only the data for which the consumer has given explicit consent. Such new and innovative financial technology would ensure compliance with the EU’s new privacy requirements under the General Data Protection Regulation (GDPR) that enters into force in May 2018. Banks in several EU Member States have already developed sector-wide APIs for third-party access to client accounts.
Media contact:
Raymond Frenken, Head of Communications, +32 496 52 59 47, r.frenken@ebf.eu
About the EBF:
The European Banking Federation is the voice of the European banking sector, uniting 32 national banking associations in Europe that together represent some 4,500 banks – large and small, wholesale and retail, local and international – employing about 2.1 million people.EBF members represent banks that make available loans to the European economy in excess of €20 trillion and that securely handle more than 400 million payment transactions per day. Launched in 1960, the EBF is committed to creating a single market for financial services in the European Union and to supporting policies that foster economic growth.