[Openid-specs-fapi] EBA Regulatory Technical Standards

Tue Jun 13 08:29:31 UTC 2017

In the UK, we have the PayM scheme: https://www.paym.co.uk/faqs/
This essentially allows mobile numbers to be mapped to bank accounts - but
the sender of money gets a chance to confirm the name of the
recipient before making the transfer. I understand that they are adding in
the ability to use other identifiers, e.g. email addresses.

Take-up in the UK has been fairly slow though.

On 13 June 2017 at 04:58, Nat Sakimura <n-sakimura at nri.co.jp> wrote:

> I will add this to tomorrow’s agenda.
>
>
>
> From the article, what I gathered is that it is a phone number/email
> address to account identification info discovery service.
>
> Is that correct?
>
>
>
> In Japan, a bank account to another bank account transfer is almost
> instantaneous and the fee is free in many cases.
>
> The user interface sucks a bit as you have to identify the recipient
> account by specifying bank name/number, branch name/number, account type,
> and the account number. (In most cases, you can bookmark it so that you do
> not have to specify them from the second time.) If there is a phone number
> to account info service, it will be pretty much the same, I guess.
>
>
>
> One of the problem that I find with the phone number / email approach is
> the possibility of the identifier recycle but I guess it is coped by
> showing the use the recipient name etc. It would work unless the new owner
> has the same name as the old owner of the number/email. Email is more
> likely to fall into this pitfall as John.Smith at yahoo.com probably would
> be picked up by another John Smith.
>
>
>
> --
>
> PLEASE READ :This e-mail is confidential and intended for the
>
> named recipient only. If you are not an intended recipient,
>
> please notify the sender  and delete this e-mail.
>
>
>
> *From:* Openid-specs-fapi [mailto:openid-specs-fapi-
> bounces at lists.openid.net] *On Behalf Of *Brian Costello via
> Openid-specs-fapi
> *Sent:* Tuesday, June 13, 2017 4:17 AM
> *To:* Tom Jones <thomasclinganjones at gmail.com>; Financial API Working
> Group List <openid-specs-fapi at lists.openid.net>; Dave Tonge <
> dave.tonge at momentumft.co.uk>
>
> *Subject:* Re: [Openid-specs-fapi] EBA Regulatory Technical Standards
>
>
>
> Indeed.  This is the “upgrade” from ClearXchange, with Early Warning (bank
> owned) as the service provider.
>
>
>
> *From:* Openid-specs-fapi [mailto:openid-specs-fapi-
> bounces at lists.openid.net] *On Behalf Of *Tom Jones via Openid-specs-fapi
> *Sent:* Monday, June 12, 2017 10:57 AM
> *To:* Dave Tonge <dave.tonge at momentumft.co.uk>; Financial API Working
> Group List <openid-specs-fapi at lists.openid.net>
> *Subject:* Re: [Openid-specs-fapi] EBA Regulatory Technical Standards
>
>
>
> looks like the US banks have build their own payment network.
>
>
>
> https://www.nytimes.com/2017/06/12/business/dealbook/
> mobile-banking-zelle-venmo-apple-pay.html?module=WatchingPortal&region=c-
> column-middle-span-region&pgType=Homepage&action=click&
> mediaId=thumb_square&state=standard&contentPlacement=4&version=internal&
> contentCollection=www.nytimes.com&contentId=https%3A%2F%
> 2Fwww.nytimes.com%2F2017%2F06%2F12%2Fbusiness%2Fdealbook%
> 2Fmobile-banking-zelle-venmo-apple-pay.html&eventName=
> Watching-article-click&_r=0
>
>
>
>
>
> On Wed, Jun 7, 2017 at 7:52 AM, Dave Tonge via Openid-specs-fapi <
> openid-specs-fapi at lists.openid.net> wrote:
>
> Hi John and FAPI list members,
>
>
>
> Apologies my mic wasn't working on the call, but here is a quick update on
> the Regulatory Technical Standards on Strong Customer Authentication for
> PSD2.
>
>
>
> The EBA's final draft is here:
>
> https://www.eba.europa.eu/documents/10180/1761863/Final+
> draft+RTS+on+SCA+and+CSC+under+PSD2+%28EBA-RTS-2017-02%29.pdf
>
>
>
> This draft includes their responses to feedback.
>
> FAPI sent the following feedback:
>
> https://www.eba.europa.eu/regulation-and-policy/payment-
> services-and-electronic-money/regulatory-technical-
> standards-on-strong-customer-authentication-and-secure-
> communication-under-psd2?p_p_auth=uy1W7oVC&p_p_id=169&p_p_
> lifecycle=0&p_p_state=maximized&p_p_col_id=column-2&
> p_p_col_pos=1&p_p_col_count=2&_169_struts_action=%2Fdynamic_
> data_list_display%2Fview_record&_169_recordId=1617559
>
>
>
> You will notice in their feedback they ignore the issue of the confusion
> between authentication and authorisation.
>
>
>
> The Commission has recently published a proposed amended version of the
> RTS:
>
> https://www.eba.europa.eu/documents/10180/1863077/
> RTSEBA24052017.pdf/0e8f0242-8964-473d-8495-184fec286519
>
>
>
> The changes made in the amendment are detailed in this letter:
>
> https://www.eba.europa.eu/documents/10180/1806975/%
> 28EBA-2017-E-1315%29%20Letter+from+O+Guersent%2C%20FISMA+re+
> Commission+intention+to+amend+the+draft+RTS+on+SCA+and+CSC+-
> Ares%282017%292639906.pdf/efbf06e1-b0e9-4481-88e5-b70daa663cb9
>
>
>
> There is currently uncertainty as to whether the amended draft will be
> adopted. From a bank and TPP perspective here in the UK we believe that the
> amendments will have unintended consequences and will publish a letter
> shortly where we detail our concerns.
>
>
>
> Further to the RTS (which is more about principles than technical
> standards) the Euro Retail Payments Board at the European Central Bank is
> working on actual technical standards to be promoted across the EU for
> PSD2. Their latest report is attached and it is from this report that we
> started consideration of CIBA to support "decoupled" flows.
>
>
>
> FAPI also drafted a letter to the ERPB working group which I've also
> attached.
>
>
>
> I'm happy to answer any questions the group may have regarding these
> documents.
>
> It is worth noting that in the UK, the Financial Conduct Authority and Her
> Majesty's Treasury have both endorsed the work of OpenBanking Ltd on the
> Open Banking Standard:
>
>
>
> FCA Approach Doc 17.66
> <https://www.fca.org.uk/publication/consultation/cp17-11-draft-approach-document.pdf>
> :
>
> *During the period before the SCA-RTS becomes applicable, the parties may
> find it helpful to take account of industry standards which are being
> developed as a result of the Competition and Markets Authority’s Open
> Banking Remedy*
>
>
>
> HMT Consultation on PSD2 6.10
> <https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/589023/implementation_of_revised_EU_directive.pdf>
> :
>
> *The government therefore sees the PSDII implementing regulations as
> providing the legislative foundations on which the Open Banking API
> Standard then sits. Although APIs are only one method by which ASPSPs could
> provide the access to AISPs or PISPs mandated under the PSDII, the
> government believes a commonly utilised API framework will lead to greater
> competition in the retail banking and “third party” services market and
> better outcomes for payers and other end users. *
>
>
>
>
>
> On a final note, a number of the "CMA9" banks who are mandated to
> implement the Open Banking Standard have operations in other EU states
> (e.g. Danske, AIB, BOI) and my understanding is that they want to use the
> standard not only in the UK but for all their operations.
>
>
>
> Hopefully we will see increased adoption of FAPI over the coming months.
>
>
>
>
>
> --
>
> *Dave Tonge*
>
> CTO
>
>
>
> 10 Temple Back, Bristol, BS1 6FL
>
> *t: *+44 (0)117 280 5120 <+44%20117%20280%205120>
>
>
>
> Moneyhub Enterprise is a trading style of Momentum Financial Technology
> Limited which is authorised and regulated by the Financial Conduct
> Authority ("FCA"). Momentum Financial Technology is entered on the
> Financial Services Register (FRN *561538*) at fca.org.uk/register.
> Momentum Financial Technology is registered in England & Wales, company
> registration number *06909772* © . Momentum Financial Technology Limited
> 2016. DISCLAIMER: This email (including any attachments) is subject to
> copyright, and the information in it is confidential. Use of this email or
> of any information in it other than by the addressee is unauthorised and
> unlawful. Whilst reasonable efforts are made to ensure that any attachments
> are virus-free, it is the recipient's sole responsibility to scan all
> attachments for viruses. All calls and emails to and from this company may
> be monitored and recorded for legitimate purposes relating to this
> company's business. Any opinions expressed in this email (or in any
> attachments) are those of the author and do not necessarily represent the
> opinions of Momentum Financial Technology Limited or of any other group
> company.
>
>
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>
>
>
>
>
> --
>
> ..tom
>
>
>

-- 
Dave Tonge
CTO
[image: Moneyhub Enterprise]
<http://www.google.com/url?q=http%3A%2F%2Fmoneyhubenterprise.com%2F&sa=D&sntz=1&usg=AFQjCNGUnR5opJv5S1uZOVg8aISwPKAv3A>
10 Temple Back, Bristol, BS1 6FL
t: +44 (0)117 280 5120

Moneyhub Enterprise is a trading style of Momentum Financial Technology
Limited which is authorised and regulated by the Financial Conduct
Authority ("FCA"). Momentum Financial Technology is entered on the
Financial Services Register (FRN 561538) at fca.org.uk/register. Momentum
Financial Technology is registered in England & Wales, company registration
number 06909772 © . Momentum Financial Technology Limited 2016. DISCLAIMER:
This email (including any attachments) is subject to copyright, and the
information in it is confidential. Use of this email or of any information
in it other than by the addressee is unauthorised and unlawful. Whilst
reasonable efforts are made to ensure that any attachments are virus-free,
it is the recipient's sole responsibility to scan all attachments for
viruses. All calls and emails to and from this company may be monitored and
recorded for legitimate purposes relating to this company's business. Any
opinions expressed in this email (or in any attachments) are those of the
author and do not necessarily represent the opinions of Momentum Financial
Technology Limited or of any other group company.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20170613/c86ed793/attachment-0001.html>