The COVID-19 pandemic has caused an impact on open banking developments worldwide as regulators, financial institutions (FIs) and businesses set their sights on helping their current customers rather than future innovations. Implementing any new standards during the pandemic was off the table for many markets, though some regulators were left scrambling to figure out how the rules they already passed would adapt to life in lockdown.
Rules like the revised Payment Services Directive (PSD2) and the General Data Protection Regulation (GDPR) have been operating for several years in the European Union, for example, but there are different considerations when it comes to online transactions and privacy during a time when most consumers and businesses are operating indoors. Regulators are determining how to change these standards and where they apply for best results in a way that keeps both FIs, third-party providers and consumers as safe and secure as possible.
In the latest Merchants Guide to Navigating Global Payments Regulations, PYMNTS looks at the latest open banking developments in regions like the Asia-Pacific (APAC), the European Union and the United States. It also examines how open banking regulations could change in the future due to the influence of COVID-19 and how it is impacting data privacy perceptions for both consumers and governments.
Around The Data Protection World
The COVID-19 pandemic may have a significant impact on the way that open banking and privacy regulations develop in markets like APAC and the U.S., where regulators have been workshopping potential rules for several years. The virus could be one of the factors that leads to the passing of a federal rule regulating data privacy standards throughout the U.S. Seventy percent of U.S. legal officials already believe such a law is “very” or “extremely” likely, according to one recent survey. The fragmentation of data privacy standards means that many companies are left frustrated when trying to send critical healthcare or insurance data to different states during the pandemic. This confusion could potentially aid in the germination of a federal rule, similar to the E.U.’s GDPR regulation, to stop such frustrations from occurring during future events.
E.U. regulators are also attempting to keep consumers as safe as possible as the COVID-19 virus continues to spread. The European Banking Authority (EBA) is relaxing some of the E.U. standards for payment methods such as contactless payments in stores, in the hopes that this will encourage more consumers to use this method over one that could potentially aid the spread of the virus such as cash, checks or even plastic credit and debit cards. The EBA is waving authentication requirements for these payments to make contactless transactions quicker. Contactless purchases up to £45 ($56) had to be authenticated prior to COVID-19, but the EBA wants companies to move this limit up where possible to allow for more seamless contactless purchases while the pandemic persists.
FIs and businesses in the E.U. are also once again dealing with confusion over Strong Customer Authentication (SCA), as the updated deadline passed by in March. Companies need to make sure the way they are authenticating consumers is compliant with this rule, with them properly identified in two out of the three categories required by the rule, including knowledge, inherence and possession. One technology that could help with this authentication process — without adding more friction into the experience for impatient consumers — is authenticating them by keystrokes or by the way they type. This technology works on the backend and does not require consumers to spend precious time inputting any personal details, which means authentication could proceed at a faster pace. E.U. regulators approved this technology for SCA use in late 2019.
For more on these and other news, visit the Tracker’s News & Trends.
How Dubai and South Korea Are Approaching Consumer Trust
The aim of open banking is to enable easier connections between FIs, FinTechs and other third parties. Consumer trust is paramount to the success of this goal, and that has not changed during this time. Countries and regulators worldwide have been grafting rules designed to create more interoperability between both their own domestic FIs as well as foreign entities, where considerations over how to protect consumer data are primary concerns. Making sure that consumers’ information is stored and can be transferred safely is essential to open banking innovations, and this relies on the use of technologies like application programming interfaces (APIs). For the Tracker’s Feature Story, PYMNTS spoke with Evans Munyuki, chief digital officer for Dubai-based Emirates NDB as well as Jinyoung Choi, member of the Digital Finance Supervision Team for South Korea’s Financial Supervisory Service (FSS), to find out more about open banking in Dubai and South Korea.
How Open Banking And Data Privacy Is Developing In The APAC
Countries in the APAC region have been steadily shaping their open banking regulations for the past two years, following the EU’s lead when it comes to how they may want to treat online transactions or privacy standards. The COVID-19 pandemic may have stalled the ability of many of these markets to fully implement the rules they have been cultivating, however, and more so, the pandemic may well change how APCA regulators think about data privacy. Many in this region are still debating open banking rules, and the virus has created new questions for them to consider how they can be enforced or implemented. Examining what affect the COVID-19 outbreak may have on future rules is critical, both for regulators inside and outside of the APAC region, as open banking seeks to connect more banks and companies worldwide.
To learn more about open banking and privacy developments in the APAC, visit the Tracker’s Deep Dive.
About The Tracker
The Merchants Guide To Navigating Global Payments Regulations, powered by Ekata, is the go-to monthly resource for updates on the trends and changes regarding PSD2 as well as other privacy and data protection regulations.