Response to consultation on the Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC)
Go back
Additionally, we would like to note that reports should be based on quarterly calculations as more credible than the 24-hour reporting period. Short term reports could be affected by false results, eg. by intentional overloading an API.
Referring to the Guideline 2.3 c (and to the 6.2. f) we would like to note that confirmation of availability of funds, based on provisions of the PSD2 (Article 65 1. (c)), should be preceded by payer’s explicit consent given to the ASPSP. The directive also gives the right to use this specific service (confirmation of availability of funds) to the payment service provider issuing card-based payment instruments (CBPII) and not to the payment initiation service provider (PISP). It could lead to the breach of the directive.
Question 1: Do you agree with the EBA’s assessments on KPIs and the calculation of uptime and downtime and the ASPSP submission of a plan to publishing statistics, the options that EBA considered and progressed or discarded, and the requirements proposed in Guideline 2 and 3? If not, please provide detail on other KPIs or calculation methods that you consider more suitable and your reasoning for doing so.
Yes, we agree, however, we would like to express our concerns regarding some provisions of Guideline 3. We are of the opinion, that daily statistics of the ASPSP’s interfaces (i.a. electronic banking, mobile banking etc) are commercially sensitive data and once published could be used in an inappropriate way, eg. as the evidence showing the results of cyberattacks to their makers. Daily statistics should be presented in the percentage values and be available to the relevant Competent Authority only.Additionally, we would like to note that reports should be based on quarterly calculations as more credible than the 24-hour reporting period. Short term reports could be affected by false results, eg. by intentional overloading an API.
Referring to the Guideline 2.3 c (and to the 6.2. f) we would like to note that confirmation of availability of funds, based on provisions of the PSD2 (Article 65 1. (c)), should be preceded by payer’s explicit consent given to the ASPSP. The directive also gives the right to use this specific service (confirmation of availability of funds) to the payment service provider issuing card-based payment instruments (CBPII) and not to the payment initiation service provider (PISP). It could lead to the breach of the directive.