Could you please help me understand your roadmap from credential sharing to PSD2 API integration given RTS SCA implementation? For Germany, France and Spain

  • SCA methods will be integrated seamlessly for our customers. Right now, no implementation effort is expected on the customer side. Our wizard solution as well as the JS solution are designed to handle the changes without breaking the API.

    No country-specific differences are expected, so our solution will work for our customers as before.

Transition plan for us: After we integrate with your credential sharing solution, how can we transition from credential sharing to the API-based solution? How will that affect our connected customers?

  • There are three ways to access the account:
    1. As long as you are a licensed TPP, you are allowed to store the credentials yourself. With PSD2, a token will be generated which grants access for up to 90 days (depending on the consent). The token will be stored within our solution.

    2. The credential-sharing solution will work the same way as before. However, there will be a token for access according to the customer's (account holder's) consent.

    3. One-time access to the account.
  • No transition is needed. In this case, the customer has to access the account once for the initial creation of the consent and the token. Therefore we expect that existing customers must reconnect their bank accounts once PSD2 is deployed.

How will you guarantee the coverage for banks (credential sharing) which enabled dynamic 2FA authentication for SCA? I saw your article about current affected banks (such as ING in Germany).

  • SCA will apply to each request that the customer actively (initially) creates. If there is a consent (e.g. PFM or accounting) for a longer period of time (e.g. 90 days), the token will authenticate us as an agent acting on behalf of the customer. No SCA is needed if the number of automated requests is not higher than 3 times a day.
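
The rule in the answer above, written as a client-side guard that decides whether a scheduled refresh can run on the stored token or has to wait for the customer to complete SCA again. This is an added example, not the vendor's code; the `Consent` class, its field names, and reading "a day" as a UTC calendar day are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAX_CONSENT_DAYS = 90        # upper bound stated in the answer above
MAX_AUTOMATED_PER_DAY = 3    # limit stated in the answer above


@dataclass
class Consent:
    """Hypothetical client-side record of one account-holder consent."""
    granted_at: datetime
    valid_days: int = MAX_CONSENT_DAYS
    automated_calls: list = field(default_factory=list)

    def expires_at(self) -> datetime:
        # Never trust a stored validity longer than the 90-day ceiling.
        days = min(self.valid_days, MAX_CONSENT_DAYS)
        return self.granted_at + timedelta(days=days)

    def check_automated(self, now: datetime) -> str:
        """Return 'ok' and record the call, or the reason SCA is needed."""
        if now >= self.expires_at():
            return "sca_required:consent_expired"
        # Assumption: "a day" is a UTC calendar day.
        today = now.astimezone(timezone.utc).date()
        used = sum(1 for t in self.automated_calls
                   if t.astimezone(timezone.utc).date() == today)
        if used >= MAX_AUTOMATED_PER_DAY:
            return "sca_required:daily_limit_reached"
        self.automated_calls.append(now)
        return "ok"


def demo() -> list:
    # Constructed timeline: four refreshes on day one, one on day two,
    # and one exactly 90 days after the consent was granted.
    start = datetime(2019, 9, 14, 8, 0, tzinfo=timezone.utc)
    consent = Consent(granted_at=start)
    offsets = [timedelta(hours=h) for h in (1, 5, 9, 13)]
    offsets += [timedelta(days=1, hours=1), timedelta(days=90)]
    return [consent.check_automated(start + off) for off in offsets]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

A scheduler would call `check_automated` before every unattended request and, on any `sca_required` result, queue a prompt for the customer instead of sending the request.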

How do you handle eIDAS certificates?

  • Compared to other solutions, we have a concept for handling the eIDAS certificate requirements for our customers.
  • You just need to transmit the eIDAS certificate to us. That's it.