Yes agree but more clarification needed:
◾is there a risk publishing the daily statistics?
◾When is the interface considered to be up again, after a period of downtime? How is this to be measured?
◾guidance needs to be available on how availability can be measured when the dedicated interface is not receiving requests.
◾how should partial availability impact the KPIs? how should partial availability be measured?
◾what is definition of a PSU interface? is each of the Netbanks a separate interface?
More clarification needed.
What is considered as an additional check on consent"?
The ASPSP is the source of trust, is a data controller in the chain and has a duty of care to their customers. How will consumers differentiate a trustworthy TPP approach from any old hack phishing for their on-line password?
Is it compliant if, during the SCA step, the ASPSP enables the PSU to approve the TPP’s access before the ASPSP proceeds with servicing the TPP’s request? This would include displaying to the PSU the type of access being requested and the duration, the data and accounts, with the possibility to select the accounts for which the access is granted."
More clarification needed what is widely used"?"