European banks have urged the Commission to go ahead with its proposed ban on so-called 'screen scraping', citing concerns for privacy of client data, cybersecurity and innovation.
Under the revised Payments Services Directive (PSD2), which will come into effect from January 2018, there are requirements for a general security upgrade for third-party access to bank clients' data, bringing an end to practices known as screen scraping. Amid some debate on the subject, the European Banking Federation (EBF) has made it clear that it supports the PSD2 requirements, which would end so-called screen scraping. But not everyone agrees and, last week, a group of European financial technology (fintech) companies asked the European Commission to consider revising its regulatory technical standards (RTS) for PSD2.
What is screen-scraping and why do banks want it banned?
The practice of screen scraping is often used by account information service providers (AISPs), which provide their customers with an aggregated view of bank account balances and account data. To do this, they need to use software that automatically collects information through a bank’s existing customer-facing online banking system. Crucially, it allows third party access without identification, which is why the European Banking Authority (EBA) confirmed in February this year that screen scraping would no longer be possible under the new RTS on strong customer authentication under PSD2. It said that the main problem with screen-scraping is that it does not meet security requirements under PSD2, which require that the flow of data between account servicing PSPs and third party providers (PISPs or AISPs) is not subject to unauthorised access and to ensure customer authentication details are confidential.
But the fintech companies who rely on this process say it is a secure, proven technology, also sometimes referred to as 'direct access'. The third party providers who use the process include payment initiation service providers (PISPs) and AISPs, which rely on screen scraping to access customer accounts and then deliver services to those customers.
Last week a group of 65 European fintech companies and associations sent a manifesto to the Commission, asking it to consider amending certain aspects of the current draft of RTS for PSD2, particularly with regards to allowing the practice of screen scraping. For more detail read: European fintechs ask EC to amend PSD2 technical standards
Some say that the banks are concerned about losing their control over access to customer data and therefore losing their direct relationship and interface with the customer. But the EBF says that such services allow third parties to gain access to their customers' bank accounts by impersonating the customer, using their access credentials. The EBF has produced this video explaining its concerns:
What is screen scraping?
CTMfile take: Do you see advantages to allowing third-party providers to gain access to customer bank account data? Or do you think there are security problems associated with the practice of screen scraping? Let us know in the comments below.
European fintechs ask EC to amend PSD2 technical standards
A group of fintech organisations has said the technical guidelines accompanying PSD2 are not aligned with the regulation's aims - and has asked the European Commission to amend them
Two ways PSD2 will rock the payments boat
PSD2 is set to change the payments industry in two key ways. Corporates need to keep up with customer expectations as well as with what they should expect from their own banking partners.
PSD2: Key facts for European treasurers
PwC Italy has published an interactive webpage explaining the Payment Services Directive (PSD2) 'in a nutshell'.