Contingency Mesures for a dedicated interface 

Principle

In order to comply with PSD2 regulation, ASPSP from Groupe BPCE available on this 89C3 API dev portal have setup contingency measures in case of unplanned unavailability of the dedicated API interface.

The principle of this « fallback » solution is explained below:

  Fallback principle TTS

 

Version History

This fallback solution meets PSD2 regulatory requirements (article 33 / RTS). It has functional limitations which are described in the “limits” section.  

As a reminder: 

In France, the ordinance n° 2017-1252 of August 9, 2017 implements the PSD2 directive into the regulatory section of the monetary and financial code. This ordinance has been supplemented by two decrees (n° 2017-1313 and n° 2017-1314), and five orders that were published on August 31, 2017

You can also refer to the FAQ section and the virtual assistant about this regulation.

 

Roadmap

Find below our provisional roadmap.

Version

Features

Sandbox

Deployment date

89C3 API Dev Portal & Sandbox

Live

Deployment date

89C3 Live API Gateway

v1.0
  • Fallback (*)
Not applicable Septembre 2019

(*) Main features :

  • Use the same API dedicated interface endpoint. A parameter (header 'fallback' present or absent) managed directly by the TPP allows do differentiate a « Fallback » request from a dedicated interface PSD2 API request ; 
  • Use of same TPP eIDAS certificate (QWAC) to be presented for mutual TLS authentication ;
  • Use the same PSU authentication procedure and means for accessing online banking services ;
  • This fallback solution is always active, even so the dedicated interface API must be used systematically in first priority. Its usage is subject to strict conditions as described in Article 33 of RTS, and can’t be used as the main access for PSD2 features. It will be monitored as such and every abuse will be automatically reported to our national competent authority.

Functional Limits 

Limitations of this fallback mechanism are as follows:

  • No re-use of the API dedicated interface context, neither any of 90-day validity access token generated for AISP role ;
  • Sole online banking features will be accessible thru fallback mode. As an example, online banking doesn’t propose any e-commerce transactions to customers. PISP could NOT propose this feature in fallback mode.
  • The user of payment services (PSU) must be connected to PSP app. So no AISP batch process is possible.
  • PSD2 also impose a reinforcement of strong customer authentication (SCA, except exemption use cases) for accessing direct online banking services. Therefore fallback mechanism leverage on reinforced PSU online banking authentication procedures and means such as (non exhaustive list) :   
    • Soft token ;
    • OTP SMS ;
    • Physical token (corporate market).

Limitations on data

This fallback solution is not available in sandbox environment with test data.

The bank institutions code for this solution is the same as for API access. The parameter "bankcode" will allow you to setup the right customer database thru the same API dedicated « endpoint » for each bank setup to the following format: www.<bankcode>.live.api.89c3.com

 

Eligibility

This fallback mechanism can only be used by Payment Service Providers (PSP) having AISP and/or PISP role. 

In order to provide a service to users of payment informations services under PSD2 directive, you must be a licenced PSP such as credit institution, electronic money institution, and payment institution. This status is delivered by the financial authorities of the country where the request is made ; in France it is the "Autorité de Contrôle Prudentiel et de Résolution (ACPR), under the supervision of the Banque de France regulatory body :

https://acpr.banque-france.fr/sites/default/files/medias/documents/jch_20180403_conference_securite_des_paiements.pdf

Obtaining and maintaining such agreement requires rigorous procedures in order to give strong guarantees to the account information services users. The forms are provided on the ACPR website : 

https://acpr.banque-france.fr/en/authorisation/banking-industry-procedures/all-forms 

You can also refer to the FAQ section or our virtual assistant for any further question.