The second Payment Services Directive, also known as PSD2, has the potential to revolutionize payment services in Europe. So far, it has been a key driving force behind Open Banking, bringing greater competition and security to the payments market, by giving customers safer ways to share their data with third parties. Thanks to the advancement of technology, the payments industry is currently seeing disruption to legacy banking systems, and a move towards a world of Open Data. This will enable customers across Europe to actively own their financial data and choose how they want to bank, save and pay.
The revised PSD2, which came in to effect in January 2018, had been created to ensure that banks must enable third-party providers (TPPs) to work securely, reliably and rapidly with the bank’s services and data on behalf of and with the consent of their customers. PSD2 requires EU member banks to give authorized, i.e. licensed TPPs, access to customers’ accounts either via Application Programme Interfaces (APIs) or their user interfaces. It also mandates the use of Strong Customer Authentication (SCA), which requires multiple factors of authentication from a customer to initiate electronic payments and grant access to transaction data.
Despite the progress of PSD2, however, there are still challenges to overcome to achieve widespread adoption and to meet Open Banking objectives. So, what are the current roadblocks that European banks and financial services need to overcome to make Open Banking a beneficial reality for all?
- Five must-have security criteria to achieve PSD2 compliance (opens in new tab)
The need for an advanced API
A crucial factor standing in the way of the acceleration towards Open Banking has been the delay to API development. These APIs are the technology that TPPs rely on to migrate their services and customer base to remain PSD2 compliant.
One of the contributing factors was that the RTS, which apply to PSD2, left room for too many different interpretations. This ambiguity caused banks to slip behind and delay the creation of their APIs. This delay hindered European TPPs in migrating their services without losing their customer base, particularly outside the UK, where there has been no regulatory extension and where the API framework is the least advanced.
A lack of awareness around PSD2
Levels of awareness of the new regulations and changes to how customers access bank accounts and make online payments are very low among consumers and merchants. This leads to confusion and distrust of the authentication process in advance of the SCA roll-out. Moreover, because the majority of customers don’t know about Open Banking yet, they aren’t aware of the benefits. Without customer awareness and demand it may be very hard for TPPs to generate interest and uptake for their products.
Recently some regulators and banks, such as the Central Bank of Ireland, have made decent efforts to raise awareness of the changes with PSD2 campaigns. But it isn’t reaching the general public. When it does, it’s often because of scaremongering or fear, uncertainty and doubts around data security fueled by incumbents to protect their business. This also isn’t the right way to approach the issue as it will lead to people being more afraid, rather than aware. Instead, it is the role of payment service providers to educate their customers about Open Banking requests or opportunities, to ensure the public are aware of the changes to payment authentication procedures when SCA comes into play and are empowered to move their data.
TPPs have a real vested interest in getting customers on board with Open Banking. They should build on their customer relationships to grow trust and raise levels of education around the changes. When customers sign up for a new service, TPPs need to tell them explicitly what to expect before they have to do it, plus what explicit consent is required to access their account information in exchange for value-added services.
- What is PSD2? Everything you need to know (opens in new tab)
Opportunities and challenges in the age of Open Banking
Whilst the introduction of the PSD2 regulation hasn’t been seamless for the banking and fintech industry, it is set to offer many benefits and advantages for the end-customer, and the financial industry. In fact, the regulation will create an integrated and frictionless European payments system, that will provide the customer with more choice, control and security over their finances than ever before.
One of PSD2’s primary goals is to provide greater protection against fraud for banking customers, who may have previously been open to risk through weak authentication and unregulated data-sharing practices. The new rules insist on enhanced security requirements, including the use of Strong Customer Authentication (SCA) to protect customers while making electronic payments.
Furthermore, TPPs unencumbered by legacy technology have long been able to innovate faster than traditional banks. Now, this regulation will provide regulated and secure access to customer data, allowing them to develop products even more quickly. The new regulation also promotes technology on a European level and encourages fintechs to do what they do best: innovate.
It's also important to not forget that PSD2 regulation increases market competition allowing customers to choose a wider range of suppliers for their banking and payment services without having to switch their bank for that. The decoupling of banking services from the underlying account infrastructure will make it easier for customers to opt for the banking services that best fit their needs. It also increases the number of financial providers, services and products which customers will be able to choose from.
What is the future of Open Banking?
New regulations, technologies and market entrants are forever changing the way consumers and businesses think about payments. The financial services landscape is becoming increasingly integrated whilst firmly focused on the consumer. Across the UK and Europe, we’ll continue to see the rollout of technologies that put control in the hands of consumers. Open Banking will be pivotal in its role, opening up new avenues and opportunities for both banks and payment service providers (PSPs).
For many, the transition to Open Banking is a significant improvement to payment security and to the baseline technology that underpins customer facing products. The services we are able to offer off the back of Open Banking will improve rapidly and ultimately provide a better customer experience and a far better interface than we’ve used before.
Thanks to PSD2 and SCA, Europe is currently leading the Open Banking race. Moving forward, it’s extremely important to maintain the lead and build a future with Open Finance and Open Data as well.
- PSD2 SCA delay: an ideal time to re-evaluate authentication methods (opens in new tab)
Ralf Ohlhausen Executive Advisor, PPRO (opens in new tab)