You probably already know that the Cake app brings together all of your accounts and transactions from multiple banks. What you might not know is that all of this is possible thanks to the European PSD2 directive.
This directive stipulates that you, and not your bank, are the sole owner of your bank details. In other words you, as a European consumer, can oblige your bank to share your data with other (licensed) third parties such as Cake. After all, it’s your data and it’s up to you to decide. 👍
The PSD2 rules became applicable on 14 September 2019.
In order to connect your account to Cake, each bank must provide an API. This is a secure connection that allows our app to ‘talk’ to your bank account and exchange information.
On 14 September, almost 9 months ago, all banks had to make their API available to licensed payment institutions, like Cake. 🍰
Although the banks are legally obliged to have their API available, almost 9 months later we still suffer from non-resolved issues as well as new emerging issues with these APIs. These issues are still of such nature that they prevent us from providing a proper service or in some cases even prevent us from connecting at all, like with BNP Paribas Fortis. 😟
We have been working on these issues continuously. We even joined A78, a lobby organization that unites all Belgian payment institutions licensed by the National Bank of Belgium (NBB), to represent and defend their interests.
The primary objective of A78 is to ensure that consumers in the Belgian payment landscape can effectively receive the services they are legally entitled to under the PSD2 regulatory framework. Therefore A78 has started a constructive industry-wide dialogue with the National Bank of Belgium, Febelfin and, of course, the banks. The latest news about the progress A78 made can be read here.
On a European level the European banking regulator (the European Banking Authority, or ‘EBA’) keeps an eye on whether everything goes as it should.
Yesterday we got great news. 👏 The EBA expressed its disapproval of a range of illegal obstacles to our services.🚨
We’re very happy with this opinion, because it condemns a lot of practices pursued by Belgian banks that make it difficult for you to connect your bank account to Cake (or to keep it connected).💥
The EBA’s opinion confirms that:
- Banks have to support a connection of 90 days between your bank account and our app. 📆
- Banks can no longer use general ‘kill switches’ designed to prevent you from consenting to our services in advance. 💣
- When you connect your bank account to the Cake app, banks have to support all the authentication methods they offer to you to connect to their own banking channels (such as Itsme, face recognition, or fingerprint access). 🐾
- Banks cannot redirect you to a web browser environment to authenticate (with the digireader + card) if you have their mobile app installed on your phone. 📲
- Banks should not ask you for more than one authentication when you try to access your bank account via Cake ☝ (for instance, they cannot ask for one authentication to connect your bank account and one additional authentication to get access to your transaction data).
- After the authentication, you should be redirected automatically to Cake 🔄 (meaning that you shouldn’t need to reopen our app manually).
- Banks cannot require you to reselect the account that you want to connect to Cake, as we already transmitted this information for you when launching the authentication. ✅
The EBA expects that our banking supervisor (the National Bank of Belgium) takes this opinion into account and ensures that banks remove any obstacles identified within the shortest possible time and without undue delay. 👮
We hope that this will not only speed up the connection of non-ready banks (like BNP Paribas Fortis) but also will improve the APIs and give you a smoother experience when connecting your bank account to Cake! 🍰