Connect with us

BANKING

PSD2: The real RTS deadline is closer than banks think

Token solidifies UK’s position as Open Banking Leader with Successful Payments for all CMA9 Banks

Marten Nelson, Co-Founder and CMO, Token

Let’s work backwards. Most banks know that the final deadline to comply with PSD2’s Regulatory Technical Standard (RTS) is 14th September 2019. Eleven months away.

Following the amendments to the RTS, however (based on industry consultation and lobbying from third party providers), there is another deadline for banks to negotiate, which is much sooner and far less talked about: March 14th, 2019.

By then, banks must have their ‘dedicated interface’ (open API) ready for testing by PISPs and AISPs. Article 33.6 of the RTS states that banks which aren’t ready for testing by this time must instead provide a ‘contingency mechanism’ which, for most, will mean formalising their maintenance of a web-based online or mobile interface for TPP screen scraping.

This route has negative implications for banks. But because most third parties think that screen scraping will make their lives easier, TPPs tend not to talk about the downsides.

To begin with, screen scraping poses a significant security risk: it means the security credentials of banks’ customers are shared with third parties who, if breached, could compromise all their customers’ online or mobile banking facilities.

Secondly, maintaining two (or more) interfaces drastically increases costs for the bank; each interface will require strict and ongoing monitoring and reporting to their local competent authority. For tier two banks, challenger banks and foreign banks in the UK, all of which are resource-stretched, this will further compound the serious RTS compliance burden that already includes delivering secure customer authentication, managing exemptions, identifying and managing TPPs, developing the testing sandbox, creating documentation etc.

Overall, it makes by far the most sense for banks to focus on supporting one, secure, RTS compliant open API. Especially when time is such a factor: there really isn’t much of it available before March next year.

As is so often the case, partnership holds the key. Dedicated, specialist third parties have created platforms that address these issues already, by providing a single API overlay and full developer support for TPP connections and testing. Crucially, for smaller banks, they can also lower total cost of ownership by 70% compared to inhouse development, and implement in just 90 days.

Screen scraping and other interface shortcuts are not in the interests of banks, or their customers. Banks don’t need to allow their systems and operations to be compromised simply because a regulatory deadline is looming.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Recent Posts