Response to consultation on the Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC)
Go back
The identification of the channel such as online banking and mobile banking must be available in the dataset of the dedicated interfaces and reported accordingly to the CA within the PKI. This information is critical from a risk based analysis but also for assessing the performance of the dedicated interfaces with all channels and therefore defining if it allow PSUs to really widely use the dedicated interface online and in-store with the strong authentication method proposed by the ASPSP.
Therefore there is a lack of
• Recommendations enabling the analysis and identification of possible obstacles preventing the use by PSP of the credentials issued by the ASPSP.
• comparison/benchmarking criteria of performance of ASPSPs dedicated interface with PSPs
• measurement of errors and complains with the ASPSP dedicated interfaces per channel
• Measurement of services (selection of accounts, support of trusted beneficiary,…) and convenience offered by the dedicated interface to support TPPs for implementing the API(s)
• Measurements of ASPSP options with the implementation of dedicated interfaces if they vary from the specifications and/or have different end points
• Measurements of dataset completeness for mandatory and optional fields
If ASPSPs do not comply with monitoring requirements to allow CA assessing the exemption, CA would not be able granting any exemption
Redirection implies PSU being moved from one interface to another and back again which is confusing and time consuming. Currently customers enjoy only one click payment experiences or even no click payment journey.
The confirmation by yes /no of the execution of the transaction is critical for merchant releasing the goods and services. The support of real time confirmation is critical for PSU and should be clearly available to CAs, PSPs and PSUs.
Question 1: Do you agree with the EBA’s assessments on KPIs and the calculation of uptime and downtime and the ASPSP submission of a plan to publishing statistics, the options that EBA considered and progressed or discarded, and the requirements proposed in Guideline 2 and 3? If not, please provide detail on other KPIs or calculation methods that you consider more suitable and your reasoning for doing so.
The KPIs proposed allow time span measurements per channel but overlooked qualitative measurements such as PSU’s convenience (number of screen or click) and abandon rate that are key factors for enabling a dedicated interface being widely used. They also do not address the need of benchmarking with customer facing interfaces, if used by PSUs.The identification of the channel such as online banking and mobile banking must be available in the dataset of the dedicated interfaces and reported accordingly to the CA within the PKI. This information is critical from a risk based analysis but also for assessing the performance of the dedicated interfaces with all channels and therefore defining if it allow PSUs to really widely use the dedicated interface online and in-store with the strong authentication method proposed by the ASPSP.
Therefore there is a lack of
• Recommendations enabling the analysis and identification of possible obstacles preventing the use by PSP of the credentials issued by the ASPSP.
• comparison/benchmarking criteria of performance of ASPSPs dedicated interface with PSPs
• measurement of errors and complains with the ASPSP dedicated interfaces per channel
• Measurement of services (selection of accounts, support of trusted beneficiary,…) and convenience offered by the dedicated interface to support TPPs for implementing the API(s)
• Measurements of ASPSP options with the implementation of dedicated interfaces if they vary from the specifications and/or have different end points
• Measurements of dataset completeness for mandatory and optional fields
Question 2: Do you agree with the EBA’s assessments on stress testing and the options it considered and progressed or discarded, and the requirements proposed in Guideline 4? If not, please provide your reasoning.
EuroCommerce believe that contingency plan shall be included in the stress testing, with ASPSP facing attacks such as DOS (denial of service), in order to provide continuity of services with dedicated interfaces in degraded environments.Question 3: Do you agree with the EBA’s assessments on monitoring? If not, please provide your reasoning.
EuroCommerce considers the ASPSP’s monitoring obligations defined in article 32 of the RTS as key criteria for performance, wide usage and availability allowing exemptions by CA.If ASPSPs do not comply with monitoring requirements to allow CA assessing the exemption, CA would not be able granting any exemption
Question 4: Do you agree with the EBA’s assessments on obstacles, the options it considered and progressed or discarded, and the requirements proposed in Guideline 5? If not, please provide your reasoning.
EuroCommerce considers dedicated interfaces supporting only redirection as an obstacle as this access method creates unnecessary frictions to PSU in non-browser based setups and also restrict innovation of PSP.Redirection implies PSU being moved from one interface to another and back again which is confusing and time consuming. Currently customers enjoy only one click payment experiences or even no click payment journey.
Question 5: Do you agree with the EBA’s assessments for design and testing, the options it considered and progressed or discarded, and the requirements proposed Guideline 6? If not, please provide your reasoning.
EuroCommerce recommends each technical specification support and encourages ASPSP to propose a common set of connection, security, functions and services avoiding any unnecessary fragmentation in Europe per specifications as currently observed. A conformance process shall be developed per specification.The confirmation by yes /no of the execution of the transaction is critical for merchant releasing the goods and services. The support of real time confirmation is critical for PSU and should be clearly available to CAs, PSPs and PSUs.