30 July 2021
The European Banking Authority (EBA) published today clarifications to a sixth set of issues that had been raised by participants of its Working Group (WG) on Application Programming Interfaces (APIs) under the Payment Services Directive (PSD2). The clarifications respond to issues raised on authentication with electronic signatures, biometrics and authentication on mobile apps, preventing social engineering fraud, ability of payment initiation service providers to refuse a payer’s request to initiate a payment transaction, and complexity in the authentication process.
On 11 March, 1 April, 26 April, 26 July and 14 August 2019, the EBA published clarifications to the first five sets of issues that had been raised by the working group. Following an extended hiatus as a result of the COVID-19 pandemic, the group met again in mid-June 2021, and today's publication is the response to a new, sixth set of issues that has been raised by the group. In the months to come, the EBA will provide further clarifications.
In January 2019, the EBA established a Working Group (WG) on APIs under PSD2, consisting of 30 individuals representing account servicing payment service providers (ASPSPs), third party providers (TPPs), API initiatives, and others market participants. The aim of the group is to facilitate industry preparedness for the Regulatory Technical Standard (RTS) on Strong Customer Authentication and Common and Secure Communication and to support the development of high-performing and customer-focused APIs under PSD2.
The group is tasked with identifying issues and challenges that market participants face during use of API interfaces. The group is also asked to propose solutions on how the identified issues could be addressed, which the EBA and national authorities will then consider when providing clarifications in response to the issues raised.