Earlier today, the European Banking Authority (EBA) posted an update on certain standards that impact open banking services. One change involves authentication for individual users. CI received a comment from Jan van Vonno, Head of Industry Strategy at Tink – a leading open banking platform.
Van Vonno had this to say:
“The European Banking Authority’s (EBA) 180-day amendment to the 90-day reauthentication rule will improve the situation for both consumers and businesses, who want to benefit from the services open banking can deliver. But longer term we do not believe that this change addresses the core problem of continuous friction for the consumer, and open banking businesses having to routinely re-onboard their entire customer base – even if this is now pushed from every three to every six months.
We view the UK model of customers needing to authenticate with their banks once, and thereafter only needing to re-consent with the third-party provider (TPP) as a much more workable option. Better still, we would like to see TPPs given a mandate similar to direct debits where re-consent is not required after the initial SCA. We consider this possible within PSD2, as we recognise the limits of the EBA in being able to amend the Regulatory Technical Standards (RTS) and not PSD2 legislation itself.
Opportunities still exist within the current RTS and also PSD2 to enable us to realise the objectives that the European Commission originally set out – to enable more innovation and more competition, alongside the protection for the consumer. The financial services that open banking enables can be critical for many people, and should not auto-expire by themselves.”
Additional information is available here.