Tuesday, 17 September 2019

Questions (119, 121)

Michael Healy-Rae


119. Deputy Michael Healy-Rae asked the Minister for Finance if he will address a matter (details supplied) regarding open banking rules; and if he will make a statement on the matter. [37055/19]

View answer

Brendan Griffin


121. Deputy Brendan Griffin asked the Minister for Finance if the deadline will be extended for the implementation of the new open banking rules (details supplied); and if he will make a statement on the matter. [37104/19]

View answer

Written answers (Question to Finance)

I propose to take Questions Nos. 119 and 121 together.

The second Payment Services Directive (or “PSD2”) was transposed into Irish law last year through the European Union (Payment Services) Regulations 2018 (S.I. No. 6 of 2018).  PSD2 is supplemented by a European Commission Delegated Regulation (2018/389) with regard to regulatory technical standards for strong customer authentication.

These rules on strong customer authentication protect consumers and other users of payment services. They provide stronger protection against fraud, particularly online card fraud. Strong customer authentication is based on the use of two independent elements which must come from two of the three categories of possession, knowledge and inheritance. Chip and PIN, for example, relies on the chip on a payment card (something you have) and a PIN (something you know) to perform strong customer authentication. For this reason, sales in physical shops already comply with the requirements and it is in online ecommerce sales that a change will be seen.

The deadline set for compliance with the regulatory technical standards on strong customer authentication was 14 September 2019. The Central Bank of Ireland, however, stated in a notice on 8 August that it recognised the difficulties with meeting this deadline. In line with the opinion of the European Banking Authority published in June, it announced that a limited migration period would be put in place for firms it regulates. The migration period relates to ecommerce transactions only and is being put in place to ensure no disruption to payments systems from 14 September.

The Central Bank has been engaging with the industry to develop a migration plan to implement strong customer authentication for ecommerce transactions as soon as possible after this date. It has stated that it will continue to engage with the European Banking Authority and other National Competent Authorities in the European Union in relation to this issue, aiming to agree a harmonised approach to the migration time periods across the European Union. The Central Bank has committed to continue to communicate on this issue and an announcement on the new deadline may be expected shortly.