Today we celebrate the first ‘birthday’ of the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA). 14 September 2019 was the date that marked the go-live of key security requirements for third party access to payment accounts (XS2A). Since then, banks have been required to open up certain payment functionalities and account data to licenced third-party providers (TPPs) with the customer’s consent.
This has created new possibilities for innovation in the European market by enabling market players - with or without a payments background - to develop new digital transaction services. Now, precisely one year on, there is still some work to do on bank API implementations and end-user adoption of new services. Nevertheless, it is also an excellent time to look at the PSD2 state of play and see how the TPP ecosystem has evolved.