Europe News

by paul paul No Comments

How SCA and 90-day Reauth Harm Competition & Security

If you’ve read the previous tomes in this series, you’ll know that the FCA’s proposed change to the 90-day reauthentication requirement will have significant positive impact on the industry – and why this course correction is good for the competitive landscape and fintech innovation. You’ll also already know the context for how the rules combining secure customer authentication (SCA) and the 90-day rule are mired in a conflicting quagmire that does nothing to materially improve customer security and access to open banking value propositions. Not to mention, you’ll already be familiar with how SCA and 90-day do nothing to further the PSD2 objectives to improve innovation, promote competition, and secure consumers better financial outcomes; in fact, it does the just the opposite as it dooms PSD2 to a political failure rather than an innovation triumph.

Download Document Here

by paul paul No Comments

The Detrimental Impact of 90D Reauth & SCA on Fintech, the Market, & End Customers

Secure Customer Authentication (SCA), combined with the requirement for end-users to reauthenticate every 90 days, is meant to provide a secure and reliable way for consumer to connect their bank accounts to regulated fintech services. Or at least that was the intention when it was enshrined in law as part of PSD2’s Regulatory Technical Standards (RTS). But the road to Hell is paved with good intention, and the path that SCA and the 90 Day Reauth rule have created has been chthonic at best, and hellish at worst: the entire Open Banking market has suffered from lost revenues, lost opportunities, and less innovation with fewer value propositions brought to market because of it.

Download Document Here

by paul paul No Comments

Opposing Forces: The PSD2 Secure Customer Authentication & Regulatory Technical Standards Quagmire

If you use any fintech product that relies on data from your primary bank account, you will have navigated Secure Customer Authentication (SCA) processes. You will also have run into the 90 Day Reauthentication requirement that demands you confirm you want the fintech to have access to your bank account data, while at the same time re-navigating SCA and consent mechanisms. These two components are part of PSD2’s regulatory technical standards. They’re also the finicky bits that are killing PDS2’s ability to deliver competition, innovation, and better customer outcomes to the EU and UK markets.

Download Document Here

by paul paul No Comments

UK BEIS Cross Sector Options Feedback.

Thank you for the opportunity to respond to the BEIS Smart Data Cross Sector Options. The Financial Data and Technology Association (FDATA) has a vested interest how the HMG’s Smart Data initiative is delivered to market, as our members provide valuable digital financial services under Open Banking, and they will continue to serve UK residents with expanded value propositions as Open Finance begins rolling out across the market. FDATA is on the side of consumers, innovation, and competition; we welcome HMG’s willingness to orchestrate the initiative.


In regards to BEIS’ note on creating opportunities for wider collaboration within the ecosystem, FDATA strongly suggests engaging the capabilities housed in the Global Open Finance Centre of Excellence (GOFCoE), to whom BEIS awarded an innovation grant in 2020. GOFCoE has built a Global Open Finance Technical Working Group focused on establishing harmonised and interoperable international technical standards; along side this is a Consumer Data Protection Unit, an Economic Observatory, an Economic Crime unit, and an Innovation Sandbox. All of these capabilities align with the sort of support the Smart Data Initiative would require. We strongly encourage BEIS to identify other potential ecosystem resources that would contribute to enhanced cooperation.

Download Document Here

by paul paul No Comments

FDATA – OBIE VRP & Sweeping Phase 2 Consultation Response

Please provide feedback on the following points:

The need for VRP/Sweeping – why it is so much better than any other option for the customer – control, transparency, flexibility, speed, etc.

Why this cannot be limited to 2 way sweeping, as this rules out many use cases which offer the most value to customers (eg. sweeping into non-current accounts)

How the risks that are being raised by some during the consultation are either nothing to do with VRP or significantly reduced by VRP, and why VRPs actually offer customers better outcomes

How sweeping providers will use smart/ethical AIS algorithms and tight/right sized VRP parameters to only sweep money the customer can afford – and why it’s 100% aligned to their business model to protect the customer this way

How, as regulated parties, TPPs are required to manage risk and look after customers, including if they have complaints

Download Document Here

Top