• Skip to primary navigation
  • Skip to main content
Cardspot

Cardspot

  • Home
  • About Us
  • Services
    • Brand Certification
    • Brand Consultancy
    • Observing Mandates
    • Issuer Consultancy
    • Acquirer Consultancy
    • Key Management
  • Blog
  • Contact Us
  • English
    • Hungarian

Who is compliant anyway?

Gábor Gazsó · 2018.07.09.

Those working for compliance of a bank with PSD2 in the EU are searching for the specifications, recommendations, or at least examples for their implementations. Some institutions have published such specifications, all providing different approaches. We can follow any of them, or, based on their experience, we can create our own specifications. Let’s have a look at them.

The Berlin Group is a pan-European payment interoperability standards and harmonization initiative. Version 1.1 was published on 11 May 2018.

Another option is the PSD2 API of STET, contributed by several French banks. Version 1.3 is available since 10 April 2018.

Open Banking Payment Initiation API version 1.1 and Read/Write Data API version 2.0 are other options. They were last modified on 30 November 2017 and 2 March 2018.

We usually analyze the specifications above during discussions as they seem to be open, most likely useful for Hungarian implementations.

Confusing terms

In my Article on the players of PSD2, I described the players and drew the main connections between them. Reading through “Opinion of the European Banking Authority on implementing the RTS on SCA and CSC“, published on 13 June 2018, I found the following statement. “Furthermore, Article 36(1)(b) of the RTS states that ASPSPs shall provide PISPs ‘with the same information on the initiation and execution of the payment transaction provided or made available to the payment service user’. In addition, Article 36(1)(c) of the RTS requires ASPSPs to provide immediate confirmation of whether or not there are funds available at the provider’s request, in a ‘yes or no’ format. The EBA wishes to clarify that Article 36(1)(c) applies to PSPs including CBPIIs and PISPs, rather than solely CBPIIs.”

First, we have to understand what CBPII means. CBPII stands for Card-Based Payment Instrument Issuer. EBA uses this term. This kind of entity is the same as PIISP (Payment Instrument Issuer Service Provider) in the picture of this article, which other parties use.

The data

Article 36(1) specifies what kind of data the ASPSP (Account Servicing Payment Service Provider, practically the bank) should give to payment service providers who use the API of the bank. The bank should offer three kinds of data.

Information about the bank account and transactions to the AISP. Information about the status of a payment transaction to the PISP. And confirmation of available funds to someone. Who is this someone? Considering the opinion cited above, confirmation of available funds should be available to PISP and PIISP. For this reason, I modified my picture to show it.

Who is compliant?

Let’s wait a bit, and let’s have a look at those standards mentioned at the beginning of this article!

At Berlin Group, PIISP is a role, which can initiate confirmation of available funds only. And only PIISP can start this kind of transaction. Therefore it seems that Berlin Group specification today is not compliant with the regulations if we consider the EBA opinion as cited above.

At STET, the Payment coverage check function is a part of the Payment Instrument Issuer Service, which belongs to the PIISP role and only to the PIISP role. So, it seems that, in this form, the specification doesn’t comply with EBA opinion.

At Open API, there is no such role as PIISP. And there is no such a function as a confirmation of available funds. So, if confirmation of available funds is a mandatory function, then this standard is out of scope.

Planning the solution, it’s a crucial question, where to go, what to follow. This question is a bit more complicated if there is no chance to select a certain standard, following it and specifying only the specialities of a country or an organization.

It seems that EBA has a different view on the role of the players of PSD2 than other parties do. Hopefully, they will work shoulder to shoulder to eliminate this difference because our tasks will be quite complicated if such differences arise during the implementation period.

About Gábor Gazsó

The author has more than 20 years of experience with bank card systems and smart card technology by working for issuers, acquirers and service providers.

Let us help you and get in touch with us. Contact Us

Copyright © 2023 · Cardspot Kft.

We collect cookies. Why? Accept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT