EBA published clarifications to a fourth set of issues that had been raised by participants of its Working Group on APIs under PSD2.

The clarifications respond to issues raised on the confirmation of payment execution, biometrics and authentication on mobile apps, access to non-payment account information, stress testing, qualified eIDAS certificates for Account Servicing Payment Service Providers (ASPSPs), the 4 times per day access by Account Initiation Service Providers (AISPs), and the Sharing of payment account number with Payment Initiation Service Providers (PISPs).
Background and next steps

In January 2019, the EBA established a Working Group (WG) on APIs under PSD2, consisting of 30 individuals representing account servicing payment service providers (ASPSPs), third party providers (TPPs), API initiatives, and others market participants. The aim of the group is to facilitate industry preparedness for the Regulatory Technical Standard (RTS) on Strong Customer Authentication and Common and Secure Communication and to support the development of high-performing and customer-focused APIs under PSD2.

The group is tasked with identifying issues and challenges that market participants face during the testing and use of API interfaces in the period leading up to the application date of the RTS on 14 September 2019. The group is also asked to propose solutions on how the identified issues could be addressed, which the EBA and national authorities will then consider when providing clarifications in response to the issues raised.

On 11 March, 1 April and 26 April 2019, the EBA published clarifications to the first, second and third set of issues that had been raised by the working group. Today’s publication is the response to the fourth set of issues. In the weeks to come, the EBA will add further clarifications.

Further information: EBA responses to issues XIV to XX raised by participants of the EBA Working Group on APIs under PSD2

The information contained in the table below is of an informational nature and has no binding force in law. Only the Court of Justice of the European Union can provide definitive interpretations of EU legislation. The information may factually reflect a given challenge faced by the industry, reiterate the European Banking Authority’s views that have been previously published, reflect discussions that have been held on the practical implementation of legal requirements, or may include examples of industry practices. The information is also without prejudice to any future decisions made or views expressed by the European Banking Authority.