Account information services and payment initiation services in connection with ZaDiG 2018 - account access by third-party providers from 14/09/2019
With the implementation of the EU Directive 2015/2366 (Payment Service Directive 2 - PSD 2 through the National Payment Services Act - ZaDiG 2018, banks are obligated from 14.9.2019 onwards to make it possible for Third-Party Providers (TPP) to have technical access to the payment transaction accounts of their customers available via online banking; other forms of accounts such as savings or securities accounts, etc. are not affected by this.
Account information services, payment initiation services
There will be two types of third-party providers: Account information service providers and payment initiation service providers.
A TPP must be registered officially as an account information service provider and/or payment initiation service provider and/or must acquire a concession; a TPP can also offer both types of services.
On behalf of his customer, an
- Account information service provider account can collect information (account balance, turnover) on customer-defined payment accounts.
- Payment initiation service providers send a payment order at the expense of a payment transaction account to the bank with whom the account is held for execution.
The services that the TPP offers its customers with the latter’s data are solely the responsibility of the TPP; the bank has no influence over them.
The data exchange between the TPP and the bank with whom the account is held is only correct if the TPP identifies itself technically with every connection to the bank and the customer has actively concluded a contract with the TPP. The bank has no knowledge of the existence and the contents of the contract, but it may assume that there is such a contract if the TPP uses the technical access on behalf of the customer.
Moreover, there must always be an authentication and authorisation of the customer by means of the Internet bank security features created by the customer’s bank (PIN, user number, TAN).
Prerequisites for the legitimate account access by third-party providers
- The customer has actively concluded a contract with the third-party provider
- The customer has an active Internet banking authorisation with the bank with whom his or her account is held and the defined payment accounts are activated for Internet banking (e.g. online banking or BusinessNet).
- The TPP is registered with the competent authority as an account information service provider and/or payment initiation service provider and/or has the required concession.
- The TPP identifies itself upon each connection to the bank; no contractual relationship is required between the TPP and the bank with whom the account is held.
- The bank with whom the account is held has defined and published a technical access for the TPP, via which the data exchange between the TPP and the bank must take place.