The Dutch text is leading. This courtesy English translation is for your convenience only.
Following RTS 2018/389, account servicing payment service providers are considered to create such obstacles in the redirection-based customer journey of the dedicated interface in the banking domain:
- if they force users to perform strong customer authentication (hereafter: SCA) or log in procedures (or combinations of the two) two times or more;
- if management of the scope (e.g. duration) of consent takes place in the banking domain;
- if they force users to pass through multiple confirmation screens, each requiring them to perform an action;
- if they use redirection screens requiring users to perform an action; or
- if they use discouraging language in any of the steps.
Please note that this list is not exhaustive.
Article 32 of the RTS stipulates that account servicing payment service providers (hereafter: banks) should ensure that the access to payment accounts provided to third parties allows these parties to provide their payment services freely and efficiently. Banks that have put in place a dedicated interface for this purpose should ensure that this interface does not create obstacles to the provision of payment initiation and account information services by these third parties.
EBA Guideline 2018/07 on the conditions to benefit from an exemption from the contingency mechanism under Article 33(6) of RTS 2018/389 mentions unnecessary delay or friction, superfluous steps and the use of unclear or discouraging language as examples of obstacles. This description still leaves room for interpretation. The aim of this Q&A document is to provide further guidance on potential obstacles to contribute to a consistent approach.
The guidance is based on an analysis of the minimum number of technically required authentication steps which meet security requirements in RTS 2018/389. This Q&A document focuses specifically on the redirection model permitted by the EBA and covers the entire customer journey in both the third party domain and the bank domain. The aim is to not give rise to unnecessary delay or friction in the customer experience whilst avoiding the use of discouraging language.
Ideally, the obstacle-free customer journey for the provision of payment initiation services consists of one single action for the payment service user in the banking domain to perform strong customer authentication (SCA) which includes a confirmation of the type of payment and the beneficiary. This confirmation may also be introduced as a second step following the SCA step, provided the bank is able to demonstrate that this is desirable from the customer's perspective, or if supplementary information must be presented (e.g. account selection or charges).
Ideally, the obstacle-free provision of account information services consists of two actions for the payment service user in the banking domain, the first being SCA, and the second being a confirmation of the payment service user’s consent to the provision of the account information service.
A further explanation and visualisation of the necessary steps in the provision of payment initiation and account information services, as well as examples of obstacles, are given in the annex to this Q&A document.