Much has been written about Payment Services Directive 2 (PSD2) and its potential to herald a new era of open banking where banks no longer have a monopoly on payment services. Instead they will be forced to provide full access to customer accounts to third parties looking to provide financial services of their own, on top of banks’ existing data and infrastructure.
All of this could prove to be true, just not on January 13th 2018, the deadline for national governments to transpose PSD2 into law. This is because there is still so much to be decided and clarified. The European Banking Authority’s longawaited regulatory technical standards (RTS) on strong customer authentication (SCA) were issued in March 2017 but missing some of the finer details, such as the methods to remotely access customer data and account information and the measures around the use of application programming interfaces (APIs) and screen-scraping.