One more day remains until the next PSD2 milestone. Tomorrow, the EU banks should make available a sandbox to third party providers for connection and functional testing of their applications and how they interoperate with the bank interface. This can be regarded as a rehearsal for the premier of a grand spectacle, where the actors are the EU financial market participants and the audience is the rest of world.
The deadline of March 14, 2019 is linked to the date when Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) apply. RTS are a binding legislative act that supplements PSD2. While PSD2 is a directive that sets the goal that all Member States must achieve and it’s up to each country to decide how to reach the set goals, RTS are a regulation that shall be applied in its entirely across the EU.
So, let’s arrange some key dates in chronological order. On March 13, 2018, the RTS on SCA and CSC entered into force after being published in the Official Journal of the European Union. The obligations set forth in RTS will apply after a transitional period of 18 months, on September 14, 2019. The main obligation is for ASPSPs to make available at least one interface for secure communication with AISP, PISP, and PIISP by the time RTS apply. Yet, RTS stipulate that ASPSPs shall provide a testing facility, including support, for payment service providers “to test their software and applications used for offering a payment service to users”. This testing environment shall be launched not later than March 14, 2019 (6 months prior to the application date of RTS on SCA and CSC). It’s interesting to note that ASPSP includes any entity that supports payment accounts (e.g. e-Wallets and even corporations that offer internal payment cards to be used by their employees to pay for various services).
Both sandbox and live environments shall support the same functionality. The main difference is that no sensitive information must be shared through the sandbox channel. Now, let’s dive into the major obligations that ASPSPs’ access interfaces should meet:
The RTS do not specify the exact requirements for the sandbox, yet it is plain clear that its functionality shall be as close as possible to the production environment so that PSPs can test upfront their applications and offer best possible services and top-notch user-experience to their end-customers. While some bigger banks can afford to develop and support the sandbox in-house, the article Article 19(6) of PSD2 states that ASPSPs can outsource this task to technical service providers. There are several companies on the market that provide technical support to banks in becoming PSD2 compliant and Salt Edge is one of them.
Salt Edge is a fintech company specialized in building Open Banking APIs for interoperability between banks, payment service providers, and end-customers. With 60+ PSD2 sandboxes being built in just weeks (to be launched on March 14), the company has extensive expertise in PSD2 and RTS requirements imposed upon ASPSPs.
So, tomorrow will show which banks have decided to sit back and wait for the storm and which are bravely sailing towards the Open Banking revolution.
About Salt Edge Inc.
Salt Edge is a global fintech company offering a range of cutting-edge solutions to financial institutions, banks, finapps, and other fintech companies. Among its most popular services are financial data aggregation API, open banking and PSD2 solutions, white label retail banking, and data enrichment. ISO 27001 certified, and connected to 3100+ banks in 61 countries, Salt Edge securely brings comprehensive financial data at the fingertips of more than 250,000 end-users monthly.
More information: www.saltedge.com
Phone number: +1-437-886-3969