Community

The three credit reference agencies in the UK are Experian, Equifax and CallCredit. AFAIK ClearScore is a fintech that presents a pretty UI and advertising on top of Equifax data. I don't see how an Experian takeover would change anything except ClearScore's data source. It certainly wouldn't create a monopoly.   

New org structures don't usually impact IT systems, and the NPA is only under consideration. I would guess the outage was the result of routine maintenance.

When the NPA is implemented and the central infrastructure is replaced, that's when we might see some dramatic outages!

@Hoss, there is no Base24 or MTS involved in the Faster Payments central infrastructure.

Castication sounds like a pretty harsh punishment! Perhaps castigation would be sufficient ...

Never mind a banking license and credit cards, Klarna owns Sofort, the 800lb gorilla of the screen-scraping payment initiators. I reckon Visa is buying insurance against PSD2 and instant payments displacing card payments, as predicted in a recent Ovum report. In this sense it's similar to Mastercard's acquisition of VocaLink, though targeting a different link in the value chain.

Looking for a "a full pre-packaged PSD2 offering" is rather like the futile quest for El Dorado. The purported solutions we have seen so far offer only a fraction of the required functionality. Some work only for mobile devices; most do not address the requirement to handle corporate payments; consent and data redaction are not addressed; and so on. In any case, the ongoing controversies around the RTS make PSD2 compliance a moving target.

It's a racing certainty that any bank that is still 'reflecting' rather than doing will miss the Jan 2018 deadline. There's no 'silver bullet' solution they can plug in to achieve instant compliance.

Ralf, I don't follow your logic regarding free riding. If a company invests in new wires, powerlines, and rail tracks, do you think they should then be forced to allow other companies to use them free of charge? What would be the incentive to build them? That's not the way the market works!

Your example of public streets is misleading - streets are funded from the public purse, for the public good. If a private company funds the building of a road from its own pocket, of course it has a right to charge a toll for usage.

Regarding security, when I access Internet Banking direct from my browser, the data (including my security credentials) are encrypted end-to-end. When a screen-scraper is used, it introduces a break in encryption between my browser and the bank, presenting a new attack vector for hackers.

It's not clear from the speech whether it's the bank or the PISP who is allowed to use Transaction Risk Analysis to bypass Strong Customer Authentication. Mr. Enria also said the analysis will be "linked to predefined levels of fraud rates", which is somewhat opaque. I'd like to think these will be clarified in the final draft - to be published today, according to the speech, so not long to wait!

I welcome the banning of screen scraping. It is inherently insecure technically, and it makes phishing attacks more likely by encouraging users to enter banking credentials into non-bank websites. The argument that there will be a problem "before these new interfaces are ready" is spurious. The new interfaces (APIs) have to be available from Jan 2018, and PSD2 Article 109 allows a 6 month transition period thereafter during which existing PSPs can continue screen-scraping while migrating to the new APIs.

The screen-scrapers' business model depends on free-riding on services that banks built and continue to pay for. There is a strong case that AISPs & PISPs should make a fair contribution to the costs of building and maintaining those information and payment services. They should be grateful that the only requirement placed on them is to access those services in a controlled and secure manner.

Barefoot Kenyan runners use M-Pacer !