[Openid-specs-fapi] How are TTPs vetted under PSD2?
BCostello at yodlee.com
Tue Jul 7 15:24:48 UTC 2020
Each EU member country’s National Competent Authority (NCA) adminIsters an authorization process for their PISPs and AISPs per PSD2 and the respective enacting regulations (eg PSR 2017 for the UK).
I went through the UK FCA’s process in 2018. Lots of focus on the customer journey and security detection and response.
It wasn’t the best assessment I’ve had, but certainly not the worst. Happy to share more if we’re thinking about raising the bar on certification standards or practices.
Brian J. Costello
Envestnet | Yodlee
c: +1 617 962 9742
On Jul 6, 2020, at 10:45 PM, Nat Sakimura via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
External email, verify before opening attachments or links.
It is not really a technical spec issue but just out of curiosity: How are the appropriateness of data handling etc. of the TTPs (i.e., Fintechs) get verified under PSD2? Is there some kind of rules? Who is verifying that the TPP is trustworthy?
Openid-specs-fapi mailing list
Openid-specs-fapi at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-fapi