|
The European institutions have missed an opportunity to contribute to a truly innovative, competitive and secure European market for payment services. The impact of this complex law is difficult to foresee. It is more than likely that this agreement provides yesterday’s solutions for tomorrow’s problems.
After two years of discussions the final text agreed by the three institutions reflects multiple political compromises on many key points, including the security of user credentials, distribution of liability between service providers and exemptions.
A fragile balance has been sought between sometimes conflicting objectives such as innovation, user security, market integration, data protection and competition. The final agreement broadly reflects political ambitions to see a bigger role played by non-bank service providers.
The EBF believes this agreement will be to the detriment of European consumers and the necessary protection of their bank accounts. The PSD2 framework is already partly obsolete and above all harmful as it requires the sharing of bank access codes with non-bank providers. PSD2 will force banks to grant third parties access to client accounts so that these third parties can provide their services via the banks’ infrastructure.
It remains unclear to what extent security for both banks and consumers will be impacted by such access. The new directive makes banks potentially liable for possible irregularities or external attacks when consumers use third-party services.
The EBF regrets that the European institutions have not opted for a global framework that would have allowed third parties to offer their services to European citizens whilst maintaining the highest level of security when accessing payment accounts.