The European Commission has unveiled a potential set of new rules on open banking which it says will enhance consumer protection and competition in electronic payments.
The revised Payment Services Directive proposal, which will replace PSD2 with PSD3, has been introduced alongside the new Financial Data Access (FIDA) proposed rules as well as separate Payment Services Regulation (PSR).
The proposals reflect a push to further adapt to the growing emergence of payment providers in recent years, particularly providers of ‘open banking’ services where financial data is securely shared between banks and fintechs.
The EC said a key focus for the new proposals is to strengthen competition, security and trust, and protect consumers against more sophisticated types of fraud which have emerged in parallel to recent trends.
Overall, the new package is intended to have a much more wide-reaching scope than existing regulation which has been a key driver of open banking since it was adopted in 2018.
The new measures are intended to allow non-bank payment service providers (PSPs) access to all EU payment systems including a right to have a bank account whilst also improving the functionality and performance of open banking Application Programming Interfaces.
Data Access
Amongst the changes being made to the functioning of open banking, banks and other payment account providers will be required to set up a “dashboard” allowing consumers of open banking services to see at a glance what data access rights they have granted and to whom, and to withdraw access via this tool.
In addition, banks will no longer need to permanently maintain two data access interfaces while contingency data access possibilities will remain available to open banking providers in specific and temporary circumstances. This is so business continuity can be secured in case the primary interface is down
Combatting Fraud
The EC also revealed that it believed PSD2 was no longer sufficient to safeguard against the new types of Fraud that have emerged and accelerated post Covid-19.
“New types of fraud have emerged for which PSD2 is not equipped. For example, PSD3 will go beyond the PSD2 tackling new types of fraud like “spoofing” (impersonation fraud), which blur the distinction between unauthorised and authorised transactions,” the EC said.
It added: “Prevention mechanisms such as SCA have been insufficient to prevent such frauds until now. The IBAN/name check, where a payment is only completed after verification by the bank that the name on the account ‘matches’ the IBAN linked to that name, can help prevent these types of fraud.”
See revised rules in full here
Photo by Guillaume Périgois via Unsplash
