Banking association calls for end of 'screen-scraping'
Fintech firms not that thrilled about the idea
The European Banking Federation (EBF) has asked the EU Commission to support a ban on "screen scraping".
Screen-scraping services, seen as a first-generation direct access technology, allow third parties to access bank accounts on a client’s behalf using the client's access credentials.
The Revised Directive on Payment Services (PSD2) introduces a general security upgrade for third-party access to a client’s data.
Earlier this month, 65 European fintech firms made their opposition to this known, stating in a manifesto (PDF) that "[T]he only functioning technology used for bank-independent [payment initiation services] and [account information services] must not be foreclosed."
Privacy of client data, cybersecurity and innovation are all at risk if European Banking Authority (EBA) standards are dismissed and screen scraping continues, the EBF argues.
The proposal requires banks to opt for either creating a "dedicated interface" that lets third parties access bank accounts on behalf of clients, or to upgrade their client interface. The EBF wants to see PSD2 delivered within the framework of (EBA) standards and the end of screen-scraping.
The European Commission appears to be willing to go against the EBA advice and allow screen-scraping to continue.
Mandating banks to accept screen-scraping as an additional direct access method would force them to maintain at least two interfaces. The EBA argues that such a proposal would "harm the development of electronic payment services" while making it more difficult to protect the privacy of account holders.
Wim Mijs, chief executive officer of the EBF, said: “The development of PSD2 can be compared to designing a new plane. You develop highly secure, innovative and sophisticated systems to make it fly. But what happens now, in the final development stages, is that the designers are required to put a heavy diesel generator on board. This plane then becomes too heavy to fly. If banks are forced to accept screen–scraping then PSD2 will never fly the way it was intended.”
PSD2 calls for the creation of a technology-neutral level-playing field for banks and fintech firms, new and old, to process and handle electronic payments in the European Union.
Both banks and new entrants in financial services technology are actively engaged in an industry-wide effort to develop common processes and standards. The forum for this cooperation is the Working Group on Payment Initiation Services of the Euro Retail Payments Board, created by the European Central Bank. ®
Sponsored: Becoming a Pragmatic Security Leader