Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

FIDO ALLIANCE ADDRESSES PSD2 “SCREEN SCRAPING” DEBATE IN LETTER TO EUROPEAN COMMISSION

FIDO ALLIANCE ADDRESSES PSD2 “SCREEN SCRAPING” DEBATE IN LETTER TO EUROPEAN COMMISSION

Conversations are ongoing between the European Commission (EC) and the European Banking Authority (EBA) around the Regulatory Technical Standard (RTS) for Strong Customer Authentication (SCA) under the Payment Services Directive 2 (PSD2), specifically with regards to “screen scraping”.

Screen scraping is the practice where third-party Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs) access bank accounts on a client’s behalf using their username and password. The practice was prohibited in the EBA’s final draft RTS, however, following a strong push back from banks, the EC is now urging the EBA to allow companies to use screen scraping as a “fallback option”.

The FIDO Alliance* recently wrote to the EC setting out the key problems with endorsing screen scraping. It argued that any approach where consumers are asked to share their login details with another entity is fundamentally at odds with language in the PSD2 and that it ultimately places consumers at increased risk. The most secure and efficient way for consumers to authorise third parties to access bank accounts today is through the use of Application Programming Interfaces (APIs), authorised by means of unphishable strong customer authentication i.e. credentials based on public key cryptography as opposed to passwords, which are inherently vulnerable.

Brett McDowell, executive director of the FIDO Alliance*, has since made the following comments in a blog post on this topic.

“We do not see any way in which the screen scraping approach requested by the EC can be implemented to the level of enhanced security called for in PSD2. There are far more secure ways for consumers to delegate access to their bank accounts, involving APIs protected by strong customer authentication credentials. Based around proven global standards such as OAuth 2.0 and OpenID Connect (OIDC), these API-based solutions have the added benefit of providing not just better security but also better privacy – as they allow consumers to grant access to their bank accounts on a granular level, choosing to share some details but not others. When paired with FIDO standards for strong authentication, API-based solutions gain the benefits of device-based multi-factor authentication that is both safer and easy for consumers to use than typing codes into a form.”

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post