UK’s FCA Scraps 90-Day Reauthentication Open Banking Rule


The U.K.’s Financial Conduct Authority (FCA) has scrapped the 90-day reauthorization requirement, a move seen as a boon for the open banking sector.

Currently, consumers using open banking services that give third-party providers (TPPs) such as apps or peer-to-peer (P2P) lending platforms access to their main bank account must reauthenticate with their account servicing payment service providers (ASPSPs) every 90 days to reconfirm permission.

According to the FCA statement, it was important to scrap the requirement because the 90-day rule “creates friction when using TPP services and increases the likelihood of customers dropping off.” The independent body has proposed, however, that the requirement be placed on the TPPs accessing the service.

Aside from the 90-day rule, the U.K. watchdog ruled on the use of existing customer interfaces or modified customer interfaces to access customers’ payment accounts, which it said was another barrier “to continued growth, innovation, and competition in the payments and e-money sector, in particular for open banking.”

Because many TPPs struggle to use the interfaces due to their complex design, certain ASPSPs, including payment service providers such as banks and credit card firms, now have 18 months to provide dedicated interfaces to enable TPP access to customer account information for retail and small business payment accounts.

Earlier this year, the financial regulatory body launched an open consultation proposing changes to the European Union’s SCA-RTS — the European Banking Authority’s regulatory technical standards on Strong Customer Authentication and Secure Communication (SCA) — under which the reauthentication rule was covered.

The EU regulation seeks to regulate the type of access payment service providers (PSPs) have to customer payment account data held at ASPSPs, but meeting the robust customer authentication measures has been a challenge for businesses struggling to comply with the rules.

Contactless payments were another area tackled by the FCA, with a proposal to increase single transaction limits to 100 pounds and cumulative transaction limits from 130 to 300 pounds.