On the first anniversary of Open Banking earlier this year, many stopped to question how regulatory standards were working, and what could be done to improve the banking ecosystem. How far have we come? Have we done what we set out to? Are we winning the battle to democratise banking and remove friction for the end user?
Open Banking was implemented to enhance consumers’ banking experience, but what’s become evident is that – while Application Programming Interfaces (APIs) have created a more user-friendly system – problems related to the Second Payment Services Directive (PSD2) have also threatened not only to inconvenience consumers, but to undo the Open Banking ecosystem we’ve worked so hard to develop.
Is regulation hindering FinTech?
Open Banking’s potential remains enormous and innovation continues to expand, but the incorrect implementation of Strong Consumer Authentication (SCA) standards jeopardise the progress of Open Banking.
The threats facing Open Banking can be broken down into three groups: unilateral application across non-payment accounts; authentication apathy from consumers; and longer-term threats to consumer data.
Unilateral application across non-payment accounts
The first challenge facing SCA is the unilateral implementation by banks across accounts, regardless of whether they’re PSD2 regulated, or what type of activity requires access to the account. Right now, legally, only payment accounts need to apply SCA standards, and the European Banking Authority (EBA) says that as such, “security measures should be compatible with the level of risk involved in the payment service”. While implementing SCA across all account types seems secure and transparent, if these standards are applied to all accounts, including: savings, individual savings accounts (ISAs), mortgages, and loans, customers may soon experience significant disruption across their banking experiences.
Authentication Apathy
As they stand, SCA regulations mean that consumers must reissue consent for their data to be used by third party providers (TPPs) every 3 months,

View Entire Article on ComparetheCloud.com