4 ways PSD2 can generate innovation, healthy ‘co-opetition’ and growth
In 2007, the Payment Services Directive (PSD) established the legal foundation for an EU-wide single market for payments. The comprehensive set of rules was designed to make cross-border payments as easy, efficient and secure as payments within an EU member state. The ultimate goal of the PSD was to foster competition by opening up payment markets to new entrants, in turn creating more convenient, cost-effective and secure payment options for consumers.
As expected, the PSD created a unified way to make credit transfers across the Single Euro Payments Area (SEPA) at almost no cost to the corporates. Recognising immense opportunity in the new payments value chain, digital-native Fintechs and non-banking institutions quickly emerged to offer non-traditional — and unregulated — digital payment initiation and aggregated accounts information services, such as personal finance management, directly to end users.
These service providers brought innovation and competition, providing more, and often cheaper, alternatives for digital payments. But they also introduced more risk at the consumer level, making it clear they should not remain unregulated. To improve transparency and security in the single market and to create a more level playing field, the PSD was expanded to include third-party providers (TPPs) on top of the Payment Service Providers (PSPs) already introduced in the first release of the PSD.
The revised directive, PSD2, was formally adopted by the EU Council of Ministers in December 2015 (Directive 2015/23661 ) with a transposition deadline for all EU countries of January 2018.
Increased competition from new players — the Third Party Providers (TPPs)
PSD2 is intended to improve consumer protection, promote the development and use of innovative online and mobile payments, and ensure secure and open access to customer accounts — all very good for new entrants and end users of payment services. But what will these outcomes mean, in practical terms, for banks and other financial services institutions who now find themselves in uncharted digital territory?
A major component of PSD2 is Open Access to Customer Accounts (XS2A), which requires banks and other institutions to share payment account information with TPPs via open APIs. XS2A removes barriers to entry for new retail and Fintech players, clearing the way for them to create payment and information services that link directly to customer payment accounts.
TPPs include Payment Initiation Service Providers (PISPs), such as Sofort in Germany, IDeal in the Netherlands and Trustly in Sweden, and Account Information Service Providers (AISPs) that aggregate customer information from multiple accounts and make it accessible from a single portal.
- PISPs: XS2A will cut out the 'middleman' in electronic payments by allowing merchants to use a customer’s account details to initiate a payment directly from the bank. From the customer standpoint, this puts the shop, mobile app or online service at the forefront of the transaction, relegating the bank to the role of invisible PSP.
- AISPs: XS2A will enable consolidation of information from multiple accounts and multiple banks, giving consumers real-time visibility into cash flow and payment transactions in one place. This will give AISPs access to a data goldmine for cross-selling and personalisation of offers that threaten to undermine the bank’s customer relationships.
Increased technical complexity — and uncertainty
More regulated SEPA payments, security requirements and consumer protections add to the complexity of PSD2 compliance. The EBA’s formal Guidelines and Technical Regulatory Requirements will include strong authentication, authorisation and identity management to address security challenges that emerge from XSA2.
Adding uncertainty on top of complexity, the EBA will continue to issue requirements until mid-2017, leaving a very small window of time for testing and implementation prior to the January 2018 transposition deadline.
Stake your claim in the new payments value chain as a digital banking innovator
At its core, PSD2 is aimed at reducing the cost of payments to the point that they are a commodity rather than a value-added step in a business interaction. Clearly, XS2A will further disrupt payments markets that have been dominated by banks, cards and cash for decades. So it’s no surprise that incumbent banks and other institutions might initially see the PSD2 requirement to open up their internal systems to third-party providers as an unwelcome burden that only creates more competition and less revenue.
But if you think strategically and look a little deeper, you will discover four ways through which PSD2/XS2A can actually be a blessing in disguise as you prepare to meet the 2018 deadline.
1. Leverage partner ecosystems using secure APIs PSD2/XS2A opens up new opportunities to aggregate services, create more distribution channels and share information with partners (who might have otherwise been competitors). By migrating to API-centric partner integration, you can manage and use multiple interaction channels consistently. As a result, you can create new revenue streams by using APIs to securely access partner services, and vice-versa.
Given that the EBA requirements for strong authentication will depend on the nature of the transaction and will continue to evolve until late in the implementation timeline, an agile security implementation strategy, particularly for identity federation, is a must.
2. Combine existing services to create innovative offerings In the new banking landscape, traditional services need to be available, but not in the same old ways. You can use APIs to build digital 'mash ups' that combine your existing internal services with TPP services to deliver precisely what your customers want and need at any given moment. By cooperating with the competition and leveraging what you already have to expand your digital services portfolio, you can stay front-and-centre in the digital economy.
3. Create the seamless omnichannel experience your customers expect Consumers expect real-time engagement and consistent levels of service across all of their physical and virtual interactions. Using APIs, you can ensure that data and services for consumers, partners and field forces are available, consistent and secure across all touch points — mobile, online, call centres, ATMs and branches.
4. Monetise services with analytics It takes real-time API usage data and operational intelligence to monetise services. With access to detailed analytics that leverage data and services from the bank’s entire ecosystem, you can introduce fresh business models with a new approach to business monitoring.
To meet the new PSD2 requirements for open access to customer accounts while compensating for lower payment revenues, you will need an agile architecture for integrating payments with other services outside the traditional banking ecosystem.
With the right vision and implementation strategy, the transformation forced by PSD2 can help traditional banks and other institutions become digital innovators and disruptors themselves, ensuring they will not only remain relevant, but take the lead in the new digital business value chain.
Bruno Cambounet, VP Banking and Financial Services at Axway