PSD2 screen-scraping war continues
For the last several months the European Banking Authority (EBA) has been battling to include a ban on ‘screen-scraping’ in the PSD2 Regulatory Technical Standards (RTS), meaning that using a bank’s API would be the only way to gain access.
It was initially announced in the final draft published in February 2017, and met with strong opposition from a number of fintech players who currently use this approach to access bank account data on behalf of their clients. As a result the European Commission (EC) took up the cudgels and proposed amendments to the draft RTS which would have allowed screen-scraping to continue as a back-up measure in case of the failure of a bank’s API.
This is turn prompted a strong reaction from the banks, who complained about the risks to client data privacy and security generally. The EBA has now taken their side and rejected the EC’s proposed amendments, instead proposing tougher checks and balances on the banks’ APIs together with minimum performance and availability standards.
The ball is now back in the EC’s court to make a final decision and then adopt the RTS.