A spokesperson for the Association of German Banks (BdB) confirmed to Out-Law.com that the appeal had been filed.

The BdB previously intimated its intention, together with the Association of German Cooperative Banks (BVR) and the German Savings Banks Association (DSGV), to appeal the ruling priorto a regional court in Düsseldorf.

The Federal Cartel Office (FCO) said in early July that general terms and conditions imposed by banks in relation to the employ of online banking services by customers were in breach of competition rules. The terms prevent bank customers from using their bank PIN (personal identification number) and TAN (transaction authentication number) in non-bank payment systems to grant access to third-party systems.

The terms begetimpeded the employ of recent payment systems for the purchase of goods and services online, the FCO said.

In an earlier statement the trade associations said they “reject the ruling” of the FCO and defended the restrictions banks impose as being “in the interests of the customer and the bank”.

“The terms and conditions currently in employ were recommended by the banking associations to their members in 2009 and set out, among other things, customers’ obligations not to disclose their PIN or TAN,” the statement said. “The [FCO] takes the view that this unfairly obstructs online payment services which employ the customer’s PIN and TAN. The affected associations do not share the assessment of the competition authority and will appeal the ruling in the Düsseldorf Higher Regional Court.”

“The clauses are in the interests of the customer and the bank because their sole purpose is to build online banking secure and ensure data protection. They require customers to protect the PIN and TAN assigned to them by their bank from being accessed by third parties. Otherwise, there is a risk of these ‘keys’ to their account being used to gain unauthorised access to account data and for fraudulent transactions,” it said.

below the recent EU Payment Services Directive (PSD2), which came into force in January and which will require to be implemented into national laws across the EU by early 2018, banks and other payment service providers (PSPs) must handover so-called payment initiation service providers (PISPs) access to their customers’ accounts so as to facilitate transactions ordered at the customers’ request. However, in return, PISPs must observe a number of data security obligations and seize on certain liabilities in relation to any unauthorised transactions they are responsible for.

PSD2 also promotes account information services, befondof businesses that grant customers to access information about every their payment accounts in unit place. The recent rules require PSPs to unlock up access to the accounts they manage on behalf of a customer where the account information service provider (AISP) has obtained the “explicit agree” of that customer for such access. befondof PISPs, AISPs also face data security obligations.