EBA releases clarification on API-based PSD2 queries

The European Banking Authority (EBA) has released new clarifications on application programming interfaces (APIs) ahead of the implementation of PSD2. 

Clarifications include: 

  • Confirmation of payment execution
  • Biometrics and authentication on mobile apps
  • Access to non-payment account information
  • Stress testing
  • Qualified eIDAS certificates for account servicing payment service providers (ASPSPs)
  • The 4 times per day access by Account Initiation Service Providers (AISPs)
  • The sharing of payment account number with payment initiation service providers (PISPs).

The fourth set of issues were raised by members of its self made ‘Working Group’ which was developed in Jan 2019 to raise industry views on regulatory technical standards (RTS) on aspects such as strong customer authentication and common/secure communication whilst also further supporting the development of high-performing and customer-focused APIs under PSD2.

The group consists of 30 individuals representing account servicing payment service providers (ASPSPs), third party providers (TPPs), API initiatives, and other market participants.

Together the group identifies any issues, weaknesses or challenges that participants face during usage or testing of API interfaces leading up to the deadline of RTS on 14 September 2019. 

Furthermore they also propose alternative solutions on the issues proposed by stakeholders – of which the EBA and national authorities will consider in their responses. 

EBA revealed they expect to release further clarifications before the September deadline.