The European Banking Authority commenced its public consultation on the amendment to the Regulatory Technical Standards on strong customer authentication and secure communication (SCA&CSC).
Its proposed change will address several issues the EBA has uncovered in the application of the 90-day exemption from SCA for account access. It claims some account service payment providers (ASPSPs) across the EU have experienced a negative impact on services offered by account information service providers (AISPs) under the PSD2.
This consultation will run until 25 November 2021.
In the paper, the EBA hopes to address several issues, including cases where ASPSPs have not used the exemption and request SCA for each account access. It is also keen to hear from those that request SCA more frequently than every 90-days.
To address the impact of the issues on AISPs services, the EBA suggests a new mandatory exemption from SCA for the specific use case when the access is done through an AISP that is subject to certain safeguards and conditions aimed at ensuring the safety of the customers’ data.
For instances where customers access the data directly, the EBA proposes to retain the current exemption to be voluntary. However, to ensure a level playing field among payment service providers, the regulator suggests an extension to the 90-day timeline to a 180-day period.
People can share their responses with the EBA on its website.