180 days is not enough

The European Banking Authority (EBA) has closed its public consultation on amending Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA) and the 90-day exemption. Although the EBA proposes a mandatory exemption from SCA when access is through an Account Information Service Provider or licensed Third Party Provider, it does not resolve the core problem. The industry suggests extending the SCA renewal period to 365 days in the short term and managing consumer consent at the TPP level in the long term. The EBA acknowledges that current SCA has caused friction for customers and negatively impacted account information service providers, but more fundamental reform is needed.