Bank body raises concern that proposed PSD2 screen scraping ban will not be imposed

Out-Law News | 18 May 2017 | 10:52 am | 1 min. read

EU policy makers could be set to reject a recommendation to impose a ban on 'screen scraping' in the payment services market, according to a banking industry body.

The European Banking Federation (EBF) has urged the European Commission to endorse a recommendation made earlier this year by the European Banking Authority (EBA) which, if ratified, would prevent financial technology (fintech) companies from deploying screen scraping techniques under the EU's new Payment Services Directive (PSD2).

Screen scraping involves the use of software to automatically collect information from websites and systems. In the payments market, some payment initiation service providers (PISPs) and account information service providers (AISPs) rely on screen scraping as a means of accessing customer accounts so as to deliver services to those customers.

The EBA, tasked with developing a raft of regulatory technical standards under PSD2, earlier this year issued a recommendation to prohibit screen scraping on security grounds. To enable PISPs and AISPs to exercise their rights, under PSD2, to access payment account information to service customers, the EBA instead said banks and other payment service providers (PSPs) should be obliged to facilitate the third party access through either the same interfaces they use for engaging with customers, or through a separate "dedicated interface".

However, under the Directive, the Commission has the final say over the new standards. 

In a new statement, the EBF expressed concern that the Commission would reject the EBA's screen scraping recommendation when it comes to finalising the standards on strong customer authentication and common and secure communication.

"The European Commission appears to be willing to go against the EBA advice and may let screen-scraping continue by requiring banks to accept screen-scraping as an additional mandatory direct access method, forcing banks to maintain at least two interfaces," the EBF said. "Banks are deeply concerned over this development and fear that such a choice would harm the development of electronic payment services. It would come at the expense of innovation in payment services and would make it more difficult to protect the privacy of account holders."

The EBF said that the Commission should "fully endorse the EBA standards".

"The EBF sees the EBA standards as a common solution that ensures security and as a significant catalyst for innovation into the future in the European payments market, fully compliant with the EU’s General Data Protection Regulation (GDPR)," it said.