References
Deloitte - PSD2 - Revised Payment Services Directive
The payment services ecosystem disrupted
PSD2 (Revised Payment Services Directive) entered into force in January 2016, after two years of drafts, amendments and negotiations. Member States now have two years to implement the Directive into national laws, a Directive that comes with extensive and important changes.
Read the entire article (2 min read)
Deloitte - European PSD2 Surveys
Latest insights into how banks and customers embrace open banking
The revised Payment Services Directive (PSD2) is a key regulatory initiative of the European Union that aims to facilitate innovation and competition in the financial services market by creating a level playing field for banks, emerging FinTechs and other third parties. In this way, it is designed to improve and broaden the spectrum of online financial services currently available to customers.
Read the entire article (5 min read)
PWC - PSD2 in a nutshell
An in-depth look at the new Directive
Read the entire article (20 min read)
McKinsey & Company - PSD2: Taking advantage of open-banking disruption
Europe’s second Payment Services Directive opens attractive opportunities for established payments organizations. But to win, banks will need to capture this disruption and turn it to their advantage.
Read the entire article (10 min read)
Open Banking Message Signing
Detached signatures and the struggle to verify them.
Message Signing
The Payment Initiation APIs in UK Open Banking mandate that from version 3.0 and above all inbound requests must be digitally signed by the API consumer and all responses likewise must be signed by the API provider. Ultimately this is to meet a non-repudiation requirement whereby both parties can assure themselves that the request and responses originated by the private key holder and no message tampering has occurred somewhere in the connection (although unlikely due to Mutual TLS for transport security, message signing simplifies the records management aspects).
Read the entire article (4 min read)
More Open Banking Message Signing
Tripping over Base64 encoding and implications for signing.
This post is focused on the Base64URL encoding and the potential pitfalls.
Read the entire article (5 min read)
Is your business sitting outside the ‘AIS perimeter’? 🤔
FCA comments on the agent-principal relationship for Account Information Service Providers
Read the entire article (5 min read)
Official list of Qualified Trust Service Providers (QTSPs) available in the European Union,
https://webgate.ec.europa.eu/tl-browser/
UK FCA The Perimeter Guidance Manual - Guidance on the scope of the Payment Services Regulations 2017
https://www.handbook.fca.org.uk/handbook/PERG/15.pdf
BNR - Romanian PSD2 law - “Legea nr. 209/2019 privind serviciile de plată şi pentru modificarea unor acte normative”
https://www.bnr.ro/apage.aspx?pid=404&actId=331235
BNR - Romanian PSD2 BNR guideline - “Regulamentul nr. 4/2019 privind instituţiile de plată şi furnizorii specializaţi în servicii de informare cu privire la conturi”
https://www.bnr.ro/apage.aspx?pid=404&actId=331295
Țuca Zbârcea & Asociații - NOI ACTORI PE PIAȚA SERVICIILOR FINANCIARE OPEN BANKING - PSD2
Read the entire article (5 min read)