FCA boosts open banking by removing the 3-month recertification requirement

Fintech companies no longer need to reauthenticate their customers every 90 days to have continuous access to their bank account data, but with the changes to the open banking rules set by the Financial Action Authority, their consent. Need to prove.

Currently, customers who access their account information through a third-party provider (TPP) must authenticate through strong customer authentication (SCA) the first time they access their data.

The current rule requires reauthentication every 90 days thereafter. This process confuses customers and increases dropout rates.

According to the FCA, an industry group reported that the TPP experienced a customer attrition rate of about 20-40% on the 90th day when SCA was needed.

The abolition of the 90-day rule is a relief for TTPS, but customer consent must be obtained every three months to continue providing service.

The FCA states: “We believe these measures are proportional, given the level of risk. The need to protect consumers from TPP access without explicit consent and the need to unknowingly share data. Balance sex with reducing customer friction. ”

This move is welcomed by supporters of open banking. Jack Wilson, Head of Public Policy at TrueLayer, said: The “90-day” rule was introduced in good faith, but it caused serious problems for open banking-based services. Credential sharing will hoop every 90 days with each connected bank. Instead, an AISP such as TrueLayer manages the customer’s data sharing by asking the customer if they want to share the data every 90 days. It strikes a balance between continuous access and the important right of consumers to withdraw their consent at any time. “

Another barrier to the growth of open banking identified in the reviews is existing customer interfaces (or modified customer interfaces, MCI) such as online banking platforms that are not specifically designed for TPP to access customer account information. ) Is involved.

Many TPPs have claimed operational issues when accessing customers’ payment accounts through MCI, and are discouraged from serving customers who have account providers enabled access through MCI. I’m letting you.

The FCA has proposed requiring the use of a dedicated interface for TPP access to payment accounts of certain consumers and SME customers, giving businesses an 18-month runway to make the necessary changes.

Watchdog said: “We do not consider an interface that requires TPP to access information through the screen (called” screen scraping “) as a dedicated interface. It was taken into account when setting the scope of this requirement. If we believe there is a reasonable outlook for TPP demand. This includes personal payment accounts within the scope of the 2015 Payment Accounts Regulations (PAR), equivalent payment accounts held by SMEs, and consumer and SME credit card accounts. ”

FCA boosts open banking by removing the 3-month recertification requirement

Source link FCA boosts open banking by removing the 3-month recertification requirement

Related Articles

Back to top button