Final PSD2 Rules Are Published

by Sarah Grotta

The final rule set for the EU’s second Payment Services Directive (PSD2) is available. The directive, which ushers in open banking in Europe, focuses its latest requirements on security. PSD2 gives banks and non-banks access to consumer financial data, meaning that an organization can reach out to a consumer’s bank to gather sensitive account and transactional data it doesn’t currently possess. Securing the access to and delivery of this information is critical. Missteps that result in the exposure of financial details would be disastrous. EuroMoney discusses some of the security requirements that will apply to those who seek and provide the data. First, the practice of screen-scraping will no longer be an option for data gathering, which will put a halt to some current personal financial management (PFM) solutions:

The European Commission has announced the final regulatory technical standards (RTS) for PSD2. Published on November 27, its recommendations would see screen scraping outlawed, and increase the strength of customer authentication needed to complete a transaction. Kevin Bocek, vice president of security strategy and threat intelligence at cybersecurity company Venafi, says: “The ban on screen scraping is perhaps the most significant aspect of the RTS. It will really drive a lot of change.”


The enormity of the changes that the new rules impose has been recognized, so industry participants are going to be provided with an extended period of time to become compliant.

There is a three-month period for the European Parliament and the Council to assess the RTS before approval. Once approved, the rules will not come into force until 18 months after the publication of the Official Journal of the EU, scheduled for September 2019. Bocek says: “The 18 month extension in the RTS is recognition of the amount of work that is required to bring the systems of the banks and the third parties up to standard.” Bocek believes while the RTS will be a shock to some, the point of the regulation was to overhaul banking: “The rules will actually drive far greater change and complexity over the coming year. As the third parties will not be able to access accounts as easily as they had hoped, they will be forced into developing more detailed alternative ways of working.”

Overview by Sarah Grotta, Director, Debit and Alternative Products Advisory Service at Mercator Advisory Group
