On 26 July 2019, the European Banking Authority (EBA) published its clarifications to the fourth set of issues that had been raised by participants of its Working Group on Application Programming Interfaces (APIs) under the revised Payment Services Directive (EU) 2015/2366 (PDS2).

In January 2019, the European Banking Authority (EBA) established the Working Group to facilitate industry readiness for the Regulatory Technical Standard (RTS) on Strong Customer Authentication and Common and Secure Communication as well as to support the development of high-performing and customer-focused APIs under PSD2. The group consists of 30 individuals representing Account Servicing Payment Service Providers (ASPSPs), third party providers, API initiatives, and other market participants.

The group has identified issues that market participants may face during the testing and use of API interfaces in the period approaching the RTS application date of 14 September 2019. The group has proposed solutions to the issues it raised which will be considered by the EBA and national authorities when providing clarifications in response to such issues.

The EBA’s fourth set of issues provide clarifications in response to issues raised on the following:

  • confirmation of payment execution;
  • biometrics and authentication on mobile apps;
  • access to non-payment account information;
  • stress testing;
  • qualified eIDAS certificates for ASPSPs;
  • four times per day access by Payment Initiation Service Providers; and
  • the sharing of payment account numbers with Payment Initiation Service Providers.

The EBA published clarifications to the first, second and third set of issues raised by the working group on 11 March 2019, 1 April 2019 and 26 April 2019, respectively. Upon publishing its fourth set of clarifications, the EBA has indicated that it will publish further clarifications before September.

On 21 June 2019, the EBA issued an opinion noting that national competent authorities may provide limited additional time beyond 14 September 2019 for compliance with the regulatory technical standard.