Just days after a coalition of 56 FinTech vendors lobbied the European Banking Authority in a strongly worded petition regarding the practice of Screen Scraping, The European Banking Federation (EBF) is asking the European Commission (EC) for its help on a Screen Scraping ban due to concerns over the privacy of client data, cyber security and innovation.
The EBF wants the EC not to dismiss a key recommendation made by the European Banking Authority (EBA) on future electronic payments in the European Union (EU).
The EBF sees the EBA standards as a common solution that ensures security and as a “significant catalyst for innovation” into the future in the European payments market, fully compliant with the EU’s General Data Protection Regulation (GDPR).
Says Wim Mijs, chief executive of the EBF, says: “The development of PSD2 can be compared to designing a new plane. You develop highly secure, innovative and sophisticated systems to make it fly. But what happens now, in the final development stages, is that the designers are required to put a heavy diesel generator on board. This plane then becomes too heavy to fly. If banks are forced to accept Screen Scraping, then PSD2 will never fly the way it was intended.”
With PSD2 on its way, the EBF says this introduces a general security upgrade for third-party access to a client’s data, bringing an end to Screen Scraping. Such services let third parties access bank accounts on a client’s behalf by impersonating while using their access credentials. According to the EBF, PSD2 calls for the creation of a “technology-neutral level-playing field for banks and FinTechs, new and old”.
The proposal requires banks to opt for either creating a “dedicated interface” that lets third parties access bank accounts on behalf of clients, or to upgrade their client interface. These solutions would replace the old practice of screen scraping. According to the EBF, they ensure the continuation of direct access services in the EU in a secure way by letting clients decide for themselves which data can be accessed by third parties.
The EBF states that the EC appears to be willing to go against the EBA advice and may let screen scraping continue by requiring banks to accept it as an additional mandatory direct access method, forcing banks to maintain at least two interfaces.