PSD2: Opening Up Banking

By Sindhu Vadakath, Vice President and Senior Product Manager, Treasury Services, BNY Mellon

As of January 13, 2018, the passing of a piece of payments legislation into European Union (EU) law is resulting in more choice and control for customers. The Second Payment Services Directive—otherwise known as PSD2—has revised existing legislation to improve transparency, data sharing, customer rights and costs associated with the end-to-end payments process. As such, PSD2 paves the way for non-bank competitors to enter and develop the financial-services market and expand the current offerings to customers.

As a result of the legislation, banks must now share customer data—if instructed to do so by their customers—with third-party payment service providers (TPPs) to support payment-initiation services provided by those TPPs. The new measures will aim to ensure that all payment service providers (PSPs) active in the EU are subject to supervision and appropriate rules.

PSD2 could be a game-changer, capable of altering the very DNA of banking and potentially opening the door to a transformed future payments landscape. PSD2 sets the stage for Open Banking (a system that provides a user with a network of financial institutions’ data through the use of APIs, or application programming interfaces) for any TPP that meets the required standards; it will make it easier for people to switch accounts and likely lead to more fintechs entering the market.

There are two categories of these new market players: Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). With increased swathes of valuable customer data now at their fingertips, AISPs and PISPs are able to create new solutions that could transform how participating individuals and businesses make payments, as well as how they manage and understand their finances through digital platforms.

Data sharing and disruption

Since the 2008 financial crisis, banks have been required to navigate incoming, heightened regulatory demands, shifting their focus away somewhat from catering to the evolving needs of clients. Meanwhile, the environment of ever-increasing digitalisation has resulted in widespread customer expectations for fast, easy-to-use Internet and mobile services that manage all aspects of daily life, including finances.

As such, TPPs have entered the market as AISPs and PISPs with the aim of filling this gap in the financial-services market, and providing a simple, rapid and digitalised end-to-end payments process. With the implementation of PSD2, TPPs have more equal market access, giving them a better chance of disrupting the traditional payments space.

As an example, a customer could access an Open Banking platform created by an AISP using application programming interfaces to scan a large range of banks, compare their respective offerings and find the best-priced product for their needs, as determined by the private data that the client has consented to share.

PISPs, on the other hand, allow payers to initiate payments without direct contact with their banks. For instance, if a customer were to make a transaction with an online retailer such as Amazon, a PISP could allow the payment process to be initiated without the customer being redirected to the bank itself. Instead, the bank receives payment instructions from the PISP. Once the payment has been initiated, PISPs make it possible for the transaction to be tracked, amended or even cancelled.

These examples demonstrate some of the applications that increased digitalisation can bring to the financial-services arena. Above all, data-sharing—along with the potential for PISPs to create distance between customers and their banks—provide an incentive for banks and fintechs to develop competitive products, which is the very spirit of Open Banking and the main aim of PSD2. 

Mitigating risks

PSD2 and the concept of Open Banking has the potential to deliver new payment experiences for clients. Yet there is also a degree of uncertainty with respect to security: the huge volume of data that can now be shared between customers, banks and TPPs increases the number of points at which the system is vulnerable to cyber-attacks.

Banks have historically had strong records for providing secure end-to-end payments processes. Customer data was, until recently, the closely guarded property of banks alone and security of customers’ sensitive financial data a key priority. Indeed, BNY Mellon found that client respondents to their “Rethinking the Client Payment Experience” survey ranked security as the top criterion for the ideal payments process.

To help ensure bank security, the European Banking Authority (EBA) has published enhanced guidelines for payment service providers in light of concerns around PSD2. The EBA mandates that payment service providers adopt a “defence-in-depth” approach, examples of which include two-factor authentication, network segmentation and multiple firewalls. In addition, all payment service providers are required to regularly carry out risk scenarios and report the results to their relevant authorities at least once a year.

While somewhat comforting, the issue of security is perhaps where new market entrants may feel unable to compete with the well-established security of traditional banks. And although digitalisation is widely heralded as “easier”, there still exist pockets of the European consumer base that have tended to be slower on the uptake—particularly in countries with ageing populations that value a traditional paper-based payments process over unfamiliar digital platforms.

Open Banking means open partnerships

Although competition from fintechs could seemingly pose a direct challenge to their historic monopoly in the payments arena, banks undoubtedly remain at the heart of payments and still have a key role to play. Ultimately, however, client expectations demand a payments process with greater transparency and ease, whilst remaining secure. As alternative payment service providers eventually gain trust and purchase in the market, a failure to adapt may see banks sidelined in favour of the new offerings.

Recognising this, banks are seeking and integrating digital banking solutions to enhance their offerings. Furthermore, banks are already firmly established entities in command of vast client-data pools, meaning they are well-positioned to leverage this power by partnering with fintech companies looking to enter the payments space. And with Open Banking likely to fuel the number of new TPPs, this creates greater collaboration opportunities for banks, and greater means to enhance the digital payments space for clients.

Benefiting from such symbiotic relationships requires finding a way to integrate the ever more sophisticated digital solutions offered by TPPs into the internal legacy infrastructure of banks. With such solutions increasing in number, flexibility is key, and with the arrival of new, payment-based innovations, not only will it be natural that further revisions to the payments directive be made, banks must be able to deliver new solutions more quickly and effectively.

To best cope with the changes, banks need to leverage technology to allow open collaboration with third parties and relevant bodies. APIs, the use of which is expected to be fuelled by PSD2 data sharing, can create multiuser interfaces that allow seamless communication and integration between banks, clients, third-party fintech companies and, eventually, regulators. Providing a single platform to unite each corner of the industry can enhance dialogue and ensure a smooth transition throughout this payments revolution.

This level of open cooperation between all payments-industry players is the smoothest way to ensure that competition fosters innovation that will benefit end users, rather than overwhelming and complicating the market.

PSD2 and Open Banking are introducing significant change, and it remains to be seen exactly how they will redefine the industry and alter the traditional bank-customer relationship. Provided a balance between ease and security is struck, it presents an opportunity to enhance the client payment experience. The legislation has opened the gates for a flurry of emerging fintech companies and with them, a wealth of partnership opportunities for banks to harness new technologies, improve their offerings and overhaul the payments process for the better.