What is continuous access and why is it limited to 180 days?
Continuous access, in the context of Open Banking API in Europe, refers to the ongoing and real-time access that authorized third-party providers (TPPs) have to a customer's bank account information. It allows TPPs to retrieve transaction data, balances, and other relevant details directly from the customer's bank account on a regular basis.
The duration of continuous access is typically determined by the consent provided by the customer during the authentication process. The customer can specify the duration for which they authorize the TPP to access their account information.
Recently, there has been an update to the Regulatory Technical Standards regarding Open Banking in Europe. Previously, banking institutions were required to ensure that Third Party Providers (TPPs) could access linked accounts for 90 days after authentication without requiring the end user to re-authenticate. However, this duration has now been extended to 180 days.
This extension is crucial for various applications and use cases that rely on real-time access to transaction data. For example, budgeting apps and accounting platforms need to continuously gather new transaction information as it happens.
The extended access period applies to account information services and is valid for 180 days at the Account Servicing Payment Service Provider (ASPSP). This change aligns with the requirement to apply strong customer authentication, as outlined in Article 10a of the Regulatory Technical Standards(read more about it here).
It's important to note that this time-frame applies to all PSD2 APIs and all Third Party Providers connecting to these APIs. This update provides more flexibility and convenience for TPPs and the applications they support, allowing for a longer duration of continuous access to account information without the need for frequent re-authentication.
Read more about EEA 180-day access in our article here.