GBAF: Last stage of PSD2 incoming but the road ahead is still fraught with danger
The Strong Customer Authentication deadline approaches soon, but the market is not fully prepared for it. Customers may experience service failures and fraud as a result of this. For instance, when they try to access their payments data or when they try to carry out a payment. PSD2 regulators recognized a similar situation for card payments. Therefore they granted a period of an additional 18 months to get things right. However, for the Third Party Providers (TPP’s) this is not (yet) the case.
A number of factors led to the situation TPP’s are in right now. First, most of the Application Programming Interfaces (API’s) were not available or functional as required on the June 14th deadline. Also de eIDAS certificates to use API’s were not available at that time. One of the reasons for this situation are the Regulatory Technical Standards which left room for too many interpretations and therefore led to several unintended consequences.
To overcome this situation, and take more steps towards Open Banking, the PSD2 regulators should provide flexibility. They should not drop the guillotine on the 14th of September. This is needed for all involved parties to get things right.