The European Union is leading the way in the move towards the creation of a single digital market. The many advantages that a digital business has over its more traditional counterparts are only amplified when such businesses are allowed to operate seamlessly across multiple markets. The harmonization and standardization of regulations regarding digital signatures, electronic verification and digital payments can create wonderful opportunities for FinTech companies and technological innovators. It essentially creates a large pan-European single digital market in which these companies are free to innovate.
Made for each other - eIDAS and PSD2
The PSD2 aims to revolutionize the digital payments market by allowing for unfettered innovation by third-party FinTech companies. Account Information Service Providers (AISPs) can retrieve and present bank account information by plugging into banks through open APIs. Payment Initiation Service Providers (PISPs) can go a step further and let users initiate transactions from their platforms rather than by logging into their bank accounts.
The eIDAS regulation complements the additional functionality brought in by the PSD2. AISPs and PISPs need to interface with existing core banking systems in order to access relevant customer data and provide their services. eIDAS provides the tools necessary to meet the obligations regarding security, authentication and document verification. Member-notified eIDs that provide the “high” level of assurance can be used across the EU to open a bank account digitally in any member country. The eIDAS regulation standardizes this process across the entire bloc.
Ongoing efforts on the regulatory front
The European Banking Association is also actively considering using eIDAS as a means of providing secure communication and positive authentication for use by PSD2 service providers. A discussion paper was floated to seek industry opinion on this, and the feedback received would be used to draft the Regulatory Technical Standards in January 2017.
As per the EBA discussion paper, “the qualified trust services provided by qualified trust service providers under eIDAS can also be of relevance for the identification between the AIS or PIS providers with the Account Servicing Payment Service Providers (ASPSPs), as well as for ensuring the integrity and correctness of the origin of the data transmitted between AIS or PIS providers and the ASPSPs.” The qualified electronic signature will have the same legal relevance as a wet signature, and similar treatment is provided for electronic seals, which can help with establishing the integrity and verifying the origin of the data as well.
Further, a green paper on retail financial services was also issued, outlining how eIDAS could be used to enable digital payments, KYC processes and the services envisioned under the PSD2.
Harmonization across the bloc
The intention behind all of this is to use eIDAS to provide the security framework that would enable service providers to offer end-to-end, truly digital banking and payment services. This was already possible under certain circumstances, but the process was not standardized, which led to low adoption rates. With the harmonization that will be brought in with the formal adoption of these directives, a single digital market for FinTech companies would indeed materialize. The potential business opportunities that this enormous new marketplace creates would be open for anyone to take advantage of and, if done correctly, everybody wins.