Things you wanted to know about PSD2
You’ve seen the PSD2 abbreviation a few times, you know that it’s related to payments, but have no idea what it stands for and how it could impact your business? At first glance, it might seem a bit complicated, but don’t worry — we’re here to help!
So, let’s start from the beginning.
The PSD adopted in 2007 comes with the creation of a single market for payments in the European Union and provides the legal framework for a Single Euro Payments Area (SEPA). The main purpose of this directive was increasing pan-European competition and improving customer rights. In 2015, the European Parliament passed the PSD2, which is meant to provide more innovations and security to European payments than the previous version of the directive.
What should I know about PSD2?
The revised Payment Services Directive, known as PSD2, includes the rules that must be implemented until 13 January 2018, so that’s why it matters now.
PSD2 is about putting all existing players under one, unified regulatory framework. It is a directive that requires banks to provide access to their customers’ accounts via open APIs. The new regulation, which is meant to drive innovation on the European market, needs to be transposed into national law of the European Union countries.
To be more precise, one of the most important points covered in PSD2 is XS2A (Access to Account) that allows third parties to access bank accounts to get customer data – only when the customer gives their consent – such as bank account balances or transaction history. Thanks to XS2A, TPPs (third party providers) will access bank accounts in a secure way. This also comes with customer verification and authentication via APIs.
There are a few players included in PSD2
AISPs (Account Information Service Providers) — Providers that use financial institution’s (ASPSPs) API to provide users with their account/accounts information within one application.
ASPSPs (Account Servicing Payment Service Providers) — A customer’s bank, for instance.
PISPs (Payment Initiation Service Providers) — An entity that may access customer account data and initiate transactions without the APSPs prior commercial agreement.
TPPs (Third-Party Providers) which are able to initiate payments through PISPs, directly from the customer’s bank account.
In a few months, it will be possible to use third-party apps to check account balances, pay bills or make purchases without the need for logging to bank account. The payments market will be opened to new entrants, which means more competition will bring greater choices for consumers and lower prices.
Banks used to be self-contained institutions that delivered customers everything that was connected with their finances — from creating accounts with online access, issuing credit cards to lending money and managing customers’ savings. Today, fintech companies offer more convenient solutions, and with PSD2 all those financial operations within various accounts could be made all available in one application.
Simply put, banks need to open to other companies that might become their competition or partners. In general, third-party providers can build their services on top of banks’ infrastructure. It is considered that the PSD2 will hit bank revenues. According to a Roland Berger report, PSD2 will impact up to 40% of the European banking industry’s income.
The directive is also the answer to the current monopoly that banks have on payment services and customer’s accounts. For banks, following new requirements comes with IT costs increasing. That’s why some of them started working with fintechs or continue to try to make their own solutions that will meet today’s customers’ demands.
What will change
Under the directive, TPPs can deliver to customers aggregated information about one or several payment accounts. Such solution gives customers immediate, real-time information about their finances and lets them manage their money within one application.
Third-party providers can operate anywhere within EU, they just need to follow the regulations of their home country. Moreover, they can play two roles: Account Information Service provider (AISP) and/or Payment Initiation Service Provider (PISP).
AISPs will display all account information in one place while payment initiation service gives the TPP access to a customer’s account to check if there are sufficient funds, initiate payments and then, notify a customer about completed transaction.
Note that third parties have to be licensed and registered, and customers need to give their permission before they initiate an online payment or get access to their account or online services via a TTP. This means that customers can decide how their data will be shared among different companies.
Even though TPPs have access to customer’s information, they are not allowed to store the data. However, third-party providers don’t have to follow all requirements that have to be met by financial institutions.
PSD2 makes customer’s data open to more players than before, so there are questions about what purposes the data can or should be used for.
The main difference is that banks are still required to authenticate users and focus on security, but the access to customer’s account will no longer be restricted only through banking services.
Also with PSD2 comes stronger identity verification during online payments. According to the directive, all banks across the European Union must add at least two-factor Strong Customer Authentication (SCA). This means that payment providers must comply with SCA by delivering a combination of password or PIN with a customer’s physical identification device, or, for instance, fingerprint or voice/face recognition.
Banks also need to deliver effective security, such as fraud detection and precise reporting in case of fraud.
An exam for banks
PSD2 will shape the whole payments market and it will especially impact banks and financial institutions, but also payment providers.
With the new rules, it will be much easier for PSPs to obtain a bank account, so we can see an increasing number of new entrants to the market in the following years. Theoretically, it will create more customer and innovation centric approach. Those who know their customers’ needs better and find out what they struggle with, can offer solutions people want to use.
One of the biggest benefits for consumers is an increase in transparency and greater choice. They won’t be limited to solutions provided by banks, so they could see a potential huge difference.
Banks should not only comply with the new regulations, but also use PSD2 to highly benefit from it. Some of the financial institutions start looking for new opportunities to provide customers with a friendly experience. They work with fintech companies or even acquire them. Some of them, such as HSBC which started testing a platform that lets customers see all their accounts data on one screen, build their own services to attract customers.
However, banking is still considered a conservative industry, as many financial institutions still burden themselves and their customers with aging technology. This is why it’s not that easy for them to adapt their solutions to their customer’s demands.
As the access to bank’s client’s accounts has to come to action in January 2018, banks still have a lot of work to do. This all comes with costs and time-sensitive operations, which may lead to a lowering of their revenue. Banks may benefit from PSD2, but for most of them (especially those with legacy infrastructure) this may be a hard time. With a few months to go, there are possibly many new partnerships and collaborations coming.
The opportunities are out there and, with the rapid worldwide emergence of the fintech industry and need for real-time experiences and immediate payments, we can see solutions meeting customers’ needs more effectively.
Banks control their customers’ data, so it’s obvious they’re worried about the EU legislation that comes with opening up sensitive information to third-party platforms.
It’s too early to say how the services of the future will look like, but, for sure, the banking will be easier for most of the consumers, as PSD2 promotes innovation through transparency.
Payments in Europe will be more competitive, faster and cheaper for the end customer, which means more choices and better services. It’s just a matter of time to see companies that build solutions for bank’s customers.
Latest posts by Sandra Wróbel-Konior (see all)
- 3D Secure 2.0 specification in a nutshell - November 27, 2017
- Things you wanted to know about PSD2 - November 9, 2017
- PCI SSC Europe Community Meeting 2017 Afterthoughts - November 3, 2017