EPC Blog: On the difference between innovation and the Wild West - how...

EPC Blog: On the difference between innovation and the Wild West - how to ensure the security of bank customers' funds and data with payment account access services.

24 October 13

Share This

On 24 July 2013 the European Commission (the Commission) published a ‘payments legislative package’, which includes the Commission proposal for a revised Payment Services Directive ( ). The Commission’s proposal for the will have to be adopted by the European Parliament and the Council of the European Union ( ) representing Member States; i.e. the legislator. The Commission’s proposal for the includes rules on access to payment accounts of bank customers. Payment account access services are also offered by providers currently operating outside the scope of the PSD; i.e. that are neither licensed nor supervised. This blog (see ‘related links’ below) addresses key considerations of the European Payments Council ( ) with regard to access to consumers’ payment accounts by currently non-licensed, non-supervised third-party service providers.

The considers it essential that there is an appropriate level of security to protect consumers against the risk of fraud and abuse of sensitive private data in the online banking and payment environment. The , therefore, stresses the need for the new regulatory and supervisory regime (the revised PSD and other legislative and regulatory initiatives) to address key requirements related to payment account access services such as supervision and licensing, security, consumer and data protection, transparency, liability allocation and the need for explicit consent.

Regulators must take the following actions to ensure the continued security of consumers’ funds and data:

  • The legislator, i.e. the European Parliament and the Council of the   representing Member States, will have to define appropriate legal and security requirements to be included within the revised PSD regarding access to consumers’ accounts by third-party service providers.
  • To safeguard a level playing field in the payments market, proper licensing and supervision of all types of service providers (including third-party service providers offering payment account access services) should be ensured. Payment account access services should become part of the scope of ‘payment services’ under the revised PSD.
  • Regulators and supervisory authorities must address the current legal vacuum; i.e. create an interim solution, which gives certainty to on how to handle requests for access to consumers’ accounts by non-licensed, non-supervised third-party service providers until the revised PSD becomes effective.

The stresses that the only means to effectively implement legal and security requirements applicable to payment account access services are contracts between the parties concerned in line with established market best practice.

Your reactions

If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.