Global Data published on March 27, 2017 a report called "Banking as a Marketplace: Opportunities and Threats" mentioning our Head of Product Management opinion, Dean Young, on PSD2 risks associated with data control and security.
Data security is a huge issue, and much of the preparatory work around PSD2 and the UK’s open banking initiatives is concerned with agreeing standards, protocols, and procedures for the secure sharing of information, and agreeing the division of responsibilities in the event of problems. According to Dean Young, head of product management and delivery at eWise, procedures for dispute handling are yet to be agreed upon. He also stated that responsibility for security is being devolved to the banks, meaning individual providers may implement authentication procedures in different ways, thus making the adoption of a common standard more difficult.
One aspect of PSD2 that will work to the advantage of incumbent banks with respect to data control is that, although the directive will force banks to offer third parties full access to “non-sensitive” data, it will be left to the banks to decide which data qualifies as non-sensitive. Banks, being risk-averse – as well as wanting to protect their market position – may decide to err on the side of caution in this respect in order to limit their exposure from a liability and compliance perspective.