
Open Letter: A fraud solution and more: the importance of getting open banking right in the PSRs

Nilixa Devlukia, Chair, Open Finance Association 

25 June 2025

The new payment regulations are a pivotal opportunity to build on the success of PSD2 and the recent groundbreaking Instant Payment Regulations, which have already made Pay by Bank (open banking powered account-to-account payments) a competitive, resilient, pan-European payment method.

 

As the negotiations on the Payment Services Regulations reach their final stage, we examine what the rules (as currently drafted) mean for open banking enabled payments. 

 

A consistent framework 

 

Open banking relies on banks and fintechs following both rules and technical standards. These rules and standards cover everything from what accounts banks need to make available via an interface (API), to what data the communication messages between fintechs and banks must include, and what authentication of a payment entails. PSD2 did a good job of creating the overall framework. The majority of banks in every member state built secure APIs, meaning that EU consumers can use open banking payments wherever they are in the EU. However, not all banks have implemented the rules to the same degree or quality. In many cases, banks’ minimal compliance with the rules has led to poor user experience, badly performing APIs and low levels of support.

 

Moving technical standards into a Regulation, and introducing new enforcement powers (fines for non-compliance), will help to level up open banking. But the rules need to be clear on what good implementation looks like.

 

Rules on obstacles to open banking should be strengthened with a focus on enabling a level playing field for payment competition and supporting good user experience for open banking. Pay by Bank should not be disadvantaged vs. card payments or local bank-led A2A schemes (for example, with respect to user journeys when authenticating payments). Practices that create burdens and friction for consumers using Pay by Bank should be prohibited. 

 

Fraud 

 

Worries about fraud, particularly following the introduction of the Instant Payment Regulations, have dominated negotiations on the PSRs. Pay by Bank is part of the solution to fraud, eliminating as it does the sharing of sensitive payment details, and the need for consumers to input payee details (where they can be tricked or make mistakes). Due diligence undertaken by payment initiators on payees also closes down opportunities for fraud.

 

Rules designed to help banks prevent their consumers from making payments directly to fraudsters (such as risk screens, verification and payment delays) are not necessary when a regulated payment initiator is controlling the destination of a payment. Conversely, such measures can create undue friction for Pay by Bank, and dissuade consumers from using it. This has already been acknowledged in the Instant Payment Regulations, and should be borne in mind for the PSRs. 

 

Recurring payments 

 

While PSD2 was revolutionary in requiring banks to support single immediate payments via open banking APIs, the PSRs do not unlock any new payment functionality. They do not require banks to support recurring payments via API. Instead, they acknowledge work underway by industry schemes to create recurring payments ‘premium APIs’.

 

While we support industry efforts such as the SEPA Payment Account Access (SPAA) initiative, we are concerned that no progress has actually been made towards unlocking premium APIs, because of a lack of bank participation in the schemes (while payment initiators have participated in the scheme since the start of 2024). We suggest the PSRs should commit the Commission to reviewing the progress of such industry schemes, and if no progress has been made, consider legislative solutions to unlock the much-needed functionality.

 

An EU payment solution 

 

Reducing external dependencies is a strategic area of focus for Europe, including in the area of payments, where open banking payment architecture has been developed in the EU by EU firms and organisations. It’s already in place and gaining adoption. With optimisations from PSR and the Instant Payment Regulations, Pay by Bank can be part of the EU’s strategy for payment independence and sovereignty. The PSR must ensure Pay by Bank can compete on a level playing field for this to remain the case. 



About the Open Finance Association

The Open Finance Association represents companies focused on empowering consumers and businesses through opening up financial data and payments. We believe secure, open APIs (application programming interfaces) are key to competition and innovation in this space.