The Financial Data and Technology Association (FDATA), on behalf of its members, is asking the European Commission and the European Banking Authority to urgently revisit the requirements on Secure Customer Authentication and 90-day Reauthentication, due to its extremely detrimental impact to Third Party Providers (TPPs).
Companies who have operated as TPPs pre-PSD2, as well as newer firms, have shared with us that they are contemplating returning money to shareholders because they cannot sustain their business under these circumstances.
PSD2’s political objective was to nurture those companies, improving competition, innovation and security in the EU payments market. However, currently the way 90-day Reauthentication and SCA work defeats the political objectives of PSD2, and fails to materially improve security to protect consumers.