Konsentus, a global SaaS company that enables safe and secure data exchanges, has issued an urgent warning about the serious risks facing European financial institutions operating in the open banking ecosystem due to the rise in open banking fraud.
On June 23, 2022, the European Banking Authority (EBA) published an opinion and report in response to the European Commission’s Call for Advice (CfA) on the review of the Payment Services Directive (PSD2).
This report identifies significant issues and dangers associated with proving the identity and current regulatory authorization of Third Party Providers (TPPs) of open banking services.
Among the EBA’s 200 proposals are nine proposals for legislative changes that would reduce risk and enhance consumer protection by making real-time determinations of the TPP’s identity and current regulatory permissions.
It may take several years for the recommendations to come into force. This means banks will be exposed to the risks identified by the EBA for some time.
PSD2 enables open banking by requiring financial institutions to share their customers’ accounts with authorized third parties and fintechs. Open banking is now a major phenomenon, with billions of transactions per month in Europe, and it is expected to have 63.8 million users by 2024.
Where data is shared, banks must ensure they are providing information to the correct entity and are responsible for data provided to unauthorized third parties.
However, the regulatory permissions that allow the TPP to offer open banking services across the EEA are subject to change at any time. Banks may face regulatory fines and violate GDPR if they continue to share data with TPPs that do not have the appropriate regulatory status.
Brendan Jones, CCO, Konsentus said: They are responsible for both unauthorized access to data and unauthorized transactions, which can lead to reputational damage and significant financial loss.
The damage caused by high-profile regulatory actions could undermine confidence in the broader open banking ecosystem, hurting all players and slowing the pace of adoption across Europe.
We welcome the EBA’s recommendations but warn banks that they must act now to mitigate their risks. must solve their own identity and regulatory risks.
Konsentus has outlined the nine major EBA proposals:
- A central machine-readable database of all Payment Service Providers (PSPs) currently approved to offer Payment Initiation Services (PIS) and Account Information Services (AIS).
- Ongoing checks to understand whether the TPP is authorized to perform the requested service on demand.
- Address uncertainty beyond eIDAS certificates to understand TPP identities and their authorization status, services they can offer, and passport authorization.
- Harmonization of data to avoid discrepancies between information contained in individual national registries and information contained in the EBA Central Registry to avoid errors or misuse of personal data.
- Consistent data updates and common deadlines for updates to the EBA and national registries ensure that data is immediately available and erroneous account access decisions are avoided.
- Reliable passport information and requirements for banks to check the TPP’s “home” central authority.
- A duty of care to ensure that banks are responsible for protecting customer data and funds and minimizing financial and reputational damage.
- A holistic view provided by a single database that provides complete visibility of all regulated Fintech TPPs and financial institutions empowered as TPPs.
- Clarity in denying access to address uncertainty regarding the use and trust of eIDAS certificates for identification purposes to understand the TPP’s identity, its passport status, and the services it can provide.
Konsentus enables financial institutions to make informed, real-time decisions about data sharing and API transaction requests by providing integrated data sourced directly from registers operated by the EBA and National Competent Authorities (NCAs) in European countries. This ensures that data is not passed to unauthorized third parties and avoids fines for PSD2 or GDPR violations.

Francis Bignell
