What does this mean for Open Banking providers?
All banks and third-party providers (TPPs) delivering digital or mobile banking services in Europe must adhere to changes to customer authentication rules over the next four months. But how can they turn these regulations to their advantage?
What’s the background?
The revised Payment Services Directive (PSD2), and the accompanying Regulatory Technical Standards on strong customer authentication and common and secure communication (SCA-RTS), were put in place in September 2019. Changes to these regulations came into force on 22 March this year and must be adopted by 30 September.
What are the core changes and what do they mean for you?
The changes guarantee a consistent application of the SCA exemption for AISPs across the EU. There are three notable amendments:
1. SCA renewal extension
Where account information is accessed through an account information service provider (AISP) or directly by the customer, the period in which the payment service user (PSU) must perform SCA again to re-authenticate has been extended from every 90 days to every 180 days.
Doubling the time interval required between SCA renewals through ASPSPs will save consumers a lot of time and reduce friction when using TPP services. At the same time, the prolonged consent period will afford TPPs greater control over accessing and managing multiple accounts from within their apps.
The renewal extension makes Open Banking more viable for daily and ‘out of business hours’ tasks so B2B use cases should receive a particular boost.
For Klarna Kosma, it means that we can provide clients with 180 days of account access for all banks we're connected to, not just in Sweden or Germany but also in France and Italy where we've historically seen the most challenges.
2. Mandated exemption
Account providers will no longer need to apply SCA every time a customer uses an AISP to access or manage their payment account information, as long as certain conditions are met.
This should lead to improved retention rates - users will not have to undergo the SCA flow on a daily basis or suffer the frustration of constantly reconfirming their consent.
3. Voluntary exemption scope (under Article 10A)
This now only applies when customers access their account information directly. It means that the account servicing payment service provider (ASPSP) is free to decide if it wants to apply for the SCA exemption when the customer is accessing their account information directly through the bank's online banking portal or mobile banking app. Essentially, ASPSPs are not obliged to let the PSU log in without SCA to the online banking portal.
How can we help you take advantage of these changes?
Taking full advantage of the new SCA-RTS changes means rethinking and re-energising your approach to Open Banking services. Klarna Kosma works with banks, fintechs, merchants and AISPs to support their Open Banking-based ambitions. We do the heavy lifting so you can bring insight-based financial products and account-based services to market sooner and at a much lower cost.
We free potential innovators from the complexity of connecting secure multiple data points, so they can focus on turning exciting Open Banking ideas into reality. At the same time, we provide all the expertise you need to ensure that your end services are PSD2 and SCA-RTS compliant. Kosma connects you seamlessly to 15,000 banks and fintechs in 24 countries, so monitoring, reporting, forecasting and predicting customers’ financial actions becomes effortless.