I'm not convinced about what Finextra reports on the B2B Visa Direct solution.
As far as I understand, Visa Direct enables a sort of "card-to-card push payments" only for the B2C and P2P cases, that is, in the case where the beneficiary has its own Card Account (in the US, a prepaid card).
02 Nov 2017 17:44
@Ketharaman:
You're definitely right when you say that the real problem lies in finding a way to objectively establish that the AISP accessed only the permitted info and nothing more, while still maintaining the frictionless nature of their services.
In fact, looking in depth at PSD2 and the Final Draft of the EBA RTS on SCA & CSC, one can see:
1) AISP (PFMs or something like that) access only the information from designated payment accounts and associated payment transactions (PSD2 Art.67.2.d)
2) ASPSP (banks and any other PSP) shall provide AISP with the same information from designated payment accounts and associated payment transactions made available to the payment service user when directly requesting access to the account information, provided that this information does not include sensitive payment data (FINAL REPORT ON DRAFT RTS ON SCA AND CSC Art.31.1.a)
Since what I put in bold fairly clearly refers only to “payment data” (for instance, no portfolio data must appear), it’s arguable that the ASPSP is liable for providing the AISP the same information made available to the payment service user when directly requesting access to the account information, provided that this information includes neither sensitive payment data nor “not-payment” data.
IMHO, I think ASPSP can/(must) follow such a flow:
WHO’S ACCESSING THE ACCOUNT?
1) The Payment User via an AISP (the ASPSP must be able to detect this independently of the interface used by the AISP)
   i. YES -> Provide stream data by obscuring sensitive payment data and “not-payment” data;
   ii. NO -> Sorry data not accessible goodbye;
2) The Payment User himself
3) Goodbye and enjoy your reading;
26 Oct 2017 20:10
@Russel Bell
Here is a not (yet …) exhaustive list of Open API / Framework initiatives in the EU zone:
- UK Open Banking: the bank-funded entity mandated by the Competition and Markets Authority to provide new ways for customers to share their financial data with non-bank providers;
- Berlin Group: Berlin Group NextGenPSD2 Taskforce has recently announced the creation of an open, common and harmonised European API standard to enable TPPs to access bank accounts under the PSD2;
- Open Bank Project: Open Bank Project’s open source API technology and surrounding ecosystem of tools – together with a vibrant Fintech developer community - helps banks rapidly engage with the next generation innovators safely and securely;
- CAPS (Convenient Access to PSD2/Payment-related Services): CAPS market initiative is a large multi-stakeholder coalition-of-the-willing that aims to make PSD2 work safely, in practice and at scale for all. It is an open forum that proposes solutions to the technical, business and operational issues faced by potential PSD2 stakeholders across Europe.
Are they all “rubbish” initiatives for you …?
14 Jul 2017 19:17
@Alex
In my understanding the Contactless Companion Platform replaces cash with closed-loop contactless payment in various form factors including wearables (see official Samsung press release); Cornercard holds the funds.
27 Mar 2017 18:03
Some security issues in Europe might hamper the adoption. Since the Keyo solution is based on a remote payment transaction (at the end of the day it's a digital wallet payment done in a brick-and-mortar location), the recently published EBA RTS on SCA & CSC provide that two-factor authentication must be applied for such payments, except the low-value ones (max 30 EUR).
Interesting to see if TRA (Transaction Risk Analysis) could consider this biometric solution appropriate for exempting the strong customer authentication.
10 Mar 2017 15:51
I'm afraid the TRA usage will transform the exception into the rule ...
Anyway, another thing leaves me doubtful about the level-playing-field peace of mind: the current practice of third party access without identification (also called ‘screen scraping’) will no longer be allowed only once the transition period under the PSD2 has elapsed and the RTS applies. What happens meanwhile ...?
21 Feb 2017 17:25
Lots of EU banks are now trying to better understand how they must be/will be compliant with the EBA RTS on SCA and CSC, since the "last minute" (November the 29th, 2016 ... less than two months before the PSD2 provisioned deadline) announced delay in submission from the Authority still leaves them in a sort of "limbo". Having said that, I think that now is the right moment to think in terms of API strategy; any bank's procrastination can be fatal ...
11 Feb 2017 21:30