FCA removes 90-day re-authentication banking rule
The UK’s Financial Conduct Authority (FCA) has removed the 90-day re-authorization requirement, a move seen as a boon to open banking.
Currently, consumers using open banking services that give third-party providers (TPP) such as peer-to-peer (P2P) lending applications or platforms access to their primary bank account must re-authenticate with their payment service providers (ASPSP) every 90 days to reconfirm the authorization.
According to the FCA statement, it was important to remove the requirement because the 90-day rule “creates friction when using TPP services and increases the likelihood that customers will give up.” The independent body, however, proposed that the requirement be placed on third-party providers (TPPs) to access the service.
Related: FCA proposes changes that remove ‘barriers’ to growth and innovation in UK payments
In addition to the 90-day rule, the UK watchdog ruled on using existing customer interfaces or modified customer interfaces to access customers’ payment accounts, which he said was another barrier “to continued growth, innovation and competition in payments and electronic payments. monetary sector, in particular for open banking.
See: How banks and payment providers deal with PSD2 and SCA complications
Since many TPPs find it difficult to use interfaces due to their complex design, some ASPSPs, including payment service providers such as banks and credit card companies, now have 18 months to deliver. dedicated interfaces allowing TPPs to access customer account information for retailers and small businesses. payment accounts.
Read more: SecurionPay on Tapping Automation to meet the SCA mandate of PSD2
Earlier this year, the financial regulator launched an open consultation proposing changes to the European Union’s SCA-RTS – the European Banking Authority’s regulatory technical standards on strong customer authentication and secure communication. (SCA) – under which the reauthentication rule was covered.
The EU regulation aims to regulate the type of access payment service providers (PSPs) have to customer payment account data held by ASPSPs, but compliance with robust customer authentication measures has been a challenge for companies struggling to comply with the rules.
You might also like: FIS on using delegated authentication to meet SCA requirements
Contactless payments was another area the FCA tackled, with a proposal to increase single transaction limits to £ 100 and cumulative transaction limits from £ 130 to £ 300.