August 18, 2023

Now you can enjoy 180 days of secure connectivity in Europe

Molly Swan

Last September, the FCA changed its 90-day reauthentication rules in the UK, changing consent to be TPP managed instead of being bank-led. Plaid implemented these changes  for its UK customers, offering a smoother and less obstructive user experience. Now, parallel changes are being introduced for European Union countries. The European Banking Authority (EBA) has revised its regulatory technical standards (RTS), extending the 90-day "reauthentication rule" to encompass a duration of 180 days.

What are the changes?

In the process of linking a new bank account to a fintech application or service through open banking, end users are required to provide explicit consent and complete Strong Customer Authentication (SCA) within their banking application or portal. Previously, this consent was valid for 90 days; however, it has now been extended to a period of 180 days. After these 180 days, end users need to reauthenticate with their bank if they wish to continue enjoying the benefits of open banking. By extending the duration of the consent, end users experience fewer interruptions while still remaining in control of the data they are sharing. End users are still able to revoke consent when desired.

How does this differ from the UK?

The re-authentication experience in the UK was overhauled to permit Third Party Providers (TPPs) like Plaid to handle the re-consent process. However, for European countries, this re-consent process must still take place within their respective banks via TPPs such as Plaid.

Which countries are affected by these changes?

All EU member states can take advantage of this change. Plaid customers will now see this change in the 15 EU countries we are live in - France, Germany, Ireland, Netherlands, Spain, Denmark, Norway, Poland, Sweden, Italy, Lithuania, Latvia, Estonia, Portugal and Belgium.

When will this reauthentication rule take effect?

The adjustments for Europe were officially announced on 5th December 2022. Account servicing payment service providers, such as banks, were required to conform to these changes by 25th July 2023. Plaid also updated its systems to enable EU customers to benefit from the change from that date.

Why is this important? 

Because of this change people in the EU can look forward to smoother and safer experiences when they use their favourite fintech apps and services in the modern banking world - reflecting the growing reality of growing and interconnected financial data landscapes, all the while ensuring user control at its core.