- Question ID
-
2018_4172
- Legal act
- Directive 2015/2366/EU (PSD2)
- Topic
- Strong customer authentication and common and secure communication (incl. access)
- Article
-
67
- COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
- Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
- Article/Paragraph
-
Article 36 (5)(b) RTS SCA
- Type of submitter
-
Credit institution
- Subject matter
-
Interpretation of 'Active request for account information'
- Question
-
How should 'active request for account information' by a Payment Service User (PSU) be interpreted the wording of article 36(5)(a)(b) of the RTS SCA?
- Background on the question
-
Account servicing payment service providers (ASPSPs) want to offer the best customer experience, however also needs clarity what an active request for information of the PSU actually is (as these are not part of the 4x a day limitation). Currently it is unclear which actions a customer needs to do (i.e. only opening the app or to swipe/push a button in the app) are needed to update the information showed in the account information overview.
The implications are mainly around the resources involved with increasing bandwidth of IT infrastructure. A liberal interpretation of the concept of an ‘active request’ implies more requests/traffic to the API and, thus it is expected by our engineers, a higher infrastructure bandwidth would be required. A liberal interpretation might in example be that opening up an AIS app by a user is already an active request to refresh his/her AIS information – rather than having to perform a separate in app action like hitting a refresh button.
- Submission date
- Final publishing date
-
- Final answer
-
Article 36(5)(b) of Commission Delegated Regulation (EU) 2018/389 states that the Account Information Service Provider (AISP) shall be able to access the relevant and necessary information from the account servicing payment service provider (ASPSP) “whenever the payment service user (PSU) is actively requesting such information”. The reference to ‘active request’ refers to the PSU being in session at the time of the request and proactively performing an action, predefined by the AISP, to request such information. It does not include the case where the PSU has given a mandate to an AISP to access whenever possible or the case where the AISP is mandated to refresh automatically the information whenever the PSU is accessing the AISP application(s).
- Status
-
Final Q&A
- Answer prepared by
-
Answer prepared by the EBA.
Disclaimer
The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.