In information published on 11 September 2019, the FMA stated that until all technical difficulties have been remedied that the previous methods used by third-party providers for accessing payment accounts (via screen scraping) shall continue to be accepted by the supervisor, in order to guarantee seamlessly functioning payment transactions.
In this regard, several enquiries have been made to the FMA, for which reason the following clarification is being issued:
- Third-party providers are obliged when using the previously used access methods, to identify themselves pursuant to the Article 34 of Delegated Regulation (EU) 2018/389 (the “RTS”) towards account servicing payment service providers.
- Strong customer authentication (“SCA”) pursuant to Article 87 para. 1 of the Payment Services Act 2018 (ZaDiG 2018; Zahlungsdienstegesetz 2018) must also take place when relying on the access methods previously used by third party providers.
Using previously used access methods will only be accepted until the end of 31 December 2019 and only in the case that the dedicated interface of the account servicing payment service provider does not fulfil the level of availability and performance pursuant to Article 32 RTS and a functioning contingency mechanism pursuant to Article 33 RTS has not been implemented. Thereafter, the third-party providers’ access methods mentioned above will no longer be accepted.
Where, on the other hand, the dedicated interface fulfils the level of availability and performance defined in Article 32 RTS and a functioning contingency mechanism pursuant to Article 33 RTS has been implemented by the account servicing payment service provider, they must be used by the third-party providers.