EU fires starting gun for banks vs. fintech fight over
payments
Send a link to a friend
 [November 27, 2017]
By Huw Jones
LONDON (Reuters) - The European Commission
approved rules on Monday to increase competition and toughen up security
in how people pay for goods and services across the European Union,
pitting banks against financial technology firms.
The rules flesh out an update to the bloc's payment services law and are
among the most disputed in recent financial regulation, sparking intense
lobbying as banks and fintech firms clashed over access to customer
data.
"These new rules will guide all market players, old and new, to offer
better payment services to consumers while ensuring their security,"
European Commission Vice President Valdis Dombrovskis said in a
statement.
Brussels hopes that by boosting ecommerce it can erase borders in
trading to increase growth.
The revised law comes into force on Jan. 13, though some of the security
elements approved on Monday won't be binding until September 2019 to
give banks and fintech firms time to adjust.
The rules will require two security features for online or
"bricks-and-mortar" shops, instead of a single password or details on a
credit card at present, to help crack down on fraud.
Features accepted include a password, "PIN" code, card, mobile phone,
iris scan or fingerprint. Exemptions for "contactless" payments over 50
euros would continue.
The EU executive has sought to tread a fine line between banks which
complain that giving too much access to accounts could weaken security,
and fintechs who accuse banks of thwarting competition.
[to top of second column] |
European Commission Vice-President Valdis Dombrovskis addresses a
news conference at the EU Commission headquarters in Brussels,
Belgium May 22, 2017. REUTERS/Francois Lenoir
"At a time when cybersecurity becomes increasingly important the EU risks
introducing a system for online payments that is potentially harmful for bank
account holders and the banks that offer these accounts," the European Banking
Federation said in a statement.
Account holders must give permission for their data to be accessed by a licensed
third party who wants to offer payment services that do away with the need for a
credit card, or services that offer an overview of different accounts and
balances.
In a nod to banks, the rules stop so-called "screen scraping" or a fintech
obtaining broad data by using a customer's security credentials, so that its
identity is not revealed to the bank.
In a nod to fintechs, banks will have to give access to a third party either by
adapting a bank's online customer interface, or by creating a new, dedicated
interface for fintech firms. If a dedicated interface is used, there must be a
"fall-back" option if it goes down.
EU states and the European Parliament have three months to object to any of the
rules.
(Reporting by Huw Jones, editing by David Evans)
[© 2017 Thomson Reuters. All rights
reserved.] Copyright 2017 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
