European bank lobby associations against screen scraping
The European bank associations have recently intensified their campaign against automated direct access, also known as ‘Screen Scraping'.
. A video they created suggests this is bad practise, although the European Banking Authority (EBA) has already accepted screen scraping as compliant with the second Payment Service Directive, if undertaken by a duly licensed Third Party Provider (TPP) that has properly identified itself towards the bank.
Screen scraping simply refers to the practice of automating any internet browsing interaction, in this case with a bank, using their existing, direct customer user interface (online banking) with the customer’s permission. It is a well-established technology heavily used by the banks themselves and also by several practises outside of the financial sector, such as price comparison sites and search engines.
The banks are now lobbing the PSD2 legislator to give them the right to decide who shall be allowed to use it or not, because it would give them the power to end most of their existing TPP competitors, which rely on this technology. Their intention is to block TPPs from identifying themselves at their direct access customer facing (online banking) interface, knowing that such identification is mandatory under PSD2 to ensure that only licensed TPPs can access their accounts. To add insult to injury, their video then claims that it is the TPPs who do not want to identify themselves and impersonate the end customer instead.
PSD2 aims to strengthen payment security, bringing more supervision and less flexibility, for banks and fintech’s alike. PSD2 licenced software will be under continuous auditing to ensure compliance and protection of customer data. Even without such supervision, to date and for over 15 years, there has been no single instance of data leakage or compromised credentials as a result of screen scraping, providing no reason for concern around the security of the technology.
While the banking lobby is free to express their concerns around the regulation and claim to have customer’s best interests at heart, they do not have the right to incorrectly portray TPPs as cybercriminals to maintain control of the market. Their campaign and video could severely hamper the European fintech industry.