Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.


Marten Nelson, Co-Founder and CMO, Token

Let’s work backwards. Most banks know that the final deadline to comply with PSD2’s Regulatory Technical Standard (RTS) is 14th September 2019. Eleven months away.

Following the amendments to the RTS, however (based on industry consultation and lobbying from third party providers), there is another deadline for banks to negotiate, which is much sooner and far less talked about: March 14th, 2019.

By then, banks must have their ‘dedicated interface’ (open API) ready for testing by PISPs and AISPs. Article 33.6 of the RTS states that banks which aren’t ready for testing by this time must instead provide a ‘contingency mechanism’ which, for most, will mean formalising their maintenance of a web-based online or mobile interface for TPP screen scraping.

This route has negative implications for banks. But because most third parties think that screen scraping will make their lives easier, TPPs tend not to talk about the downsides.

To begin with, screen scraping poses a significant security risk: it means the security credentials of banks’ customers are shared with third parties who, if breached, could compromise all their customers’ online or mobile banking facilities.

Secondly, maintaining two (or more) interfaces drastically increases costs for the bank; each interface will require strict and ongoing monitoring and reporting to their local competent authority. For tier two banks, challenger banks and foreign banks in the UK, all of which are resource-stretched, this will further compound the serious RTS compliance burden that already includes delivering secure customer authentication, managing exemptions, identifying and managing TPPs, developing the testing sandbox, creating documentation etc.

Overall, it makes by far the most sense for banks to focus on supporting one, secure, RTS compliant open API. Especially when time is such a factor: there really isn’t much of it available before March next year.

As is so often the case, partnership holds the key. Dedicated, specialist third parties have created platforms that address these issues already, by providing a single API overlay and full developer support for TPP connections and testing. Crucially, for smaller banks, they can also lower total cost of ownership by 70% compared to inhouse development, and implement in just 90 days.

Screen scraping and other interface shortcuts are not in the interests of banks, or their customers. Banks don’t need to allow their systems and operations to be compromised simply because a regulatory deadline is looming.

Continue Reading

Recent Posts