Everyone who is someone in the payments industry will know that a revised Payment Services Directive (PSD2) legislation has recently come into force, to standardise how digital payments are made.
The new directive is designed to enhance consumer protection and convenience, improve the security of payment services and promote innovation and competition. While these aims are simple to express, the implications of PSD2 for the payments industry, and technology industry in general, are much more complex. Many of these have been extensively discussed and debated for at least the past year, but now that the PSD2 has finally arrived, the pressure is on for organisations to respond to the changes that it heralds.
One thing is clear - PSD2 puts the consumer, not the transaction, at the centre of the process. Right now when we buy online, for example, we share our card details with the merchant and other entities such as PayPal or MasterCard. They in turn get the money from our account via intermediaries. With PSD2, we will shop online without sharing card details over the Internet, securely and in confidence. Our transactions will be assured and enabled by advanced authentication. The result? Faster, easier transactions and improved security as well as increased innovation. So far, so good.
But what does it mean for banks and other third party providers (TPPs)? PSD2 calls on banks to give TPPs such as fintech companies, other emerging banks, retailers, and telcos secure access to customer accounts, given they have customer consent. Opening the payments market to new providers widens consumer choice, lowers transaction fees and adds to convenience. But banks and TPPs will also need to prove to their national regulator that they have the appropriate security measures in place, to prevent fraud and respect consumer confidentiality. And herein lies the problem.
Time to seize the opportunity
Banks and emerging TPPs need to move quickly to capitalise on this digital payment opportunity. From a technology perspective, banks will have to get to grips with open application programming interfaces (APIs) and TPPs will have to grapple with the security and authentication demands of PSD2. Established players and new entrants alike will need to be able to provide API access backed by high-grade security and scalability. While APIs will provide secure connectivity between customer accounts and the new TPPs, and allow banks and other players to start managing digital identities, their implementation can pose a challenge to many traditional financial organisations, given their reliance on legacy systems. There’s also a question of performance - the need for an infrastructure capable of scaling to cope with millions of transactions taking place at the same time.
It becomes clear that PSD2 is not only a business challenge but also a technological challenge. Arguably, that’s exactly what turns it into an equal opportunity for all players – especially organisations with large customer bases, such as banks. Armed with the right solutions, banks could become TPPs themselves, for instance, selling complementary services to customers, leveraging disruptive trends like wearables or the Internet of Things. Other organisations, like retailers, telcos or utility companies, could also offer their own payment platforms, reducing commission fees, strengthening customer relationships and positioning themselves as identity providers – something that’s already taking place.
The race is on for PSD2 compliance and the time for action is now. Banks and TPPs have a chance to create a strategic advantage out of their compliance efforts, accelerate digital transformation and put the customer at the centre of the market. Whether they will capitalise on the opportunity presented to them – only time will tell.
Ian Clark, Senior Director, EMEA Solution Sales at CA Technologies