September 20, 2017 | DOUGLAS HARTUNG
“We need banking but we don’t need banks anymore.”
That’s a bold (and frequently quoted) statement by Bill Gates … from more than 20 years ago. And since that time the response from most bankers has been an equally well-known quote, “The reports of my death are greatly exaggerated.”
Aside from the growing usage of mobile banking applications, and upstart fintech companies providing bank-like services, one of the most fundamental changes in banking will begin in 2018: The Payment Services Directive 2 (PSD2) was adopted and member states in the European Union will transpose the directive into national law.
PSD2 is intended to drive greater access to information within traditional banks and spur greater innovation resulting in new types of financial services and client experiences. This regulation presents both risks and opportunities for banks, retailers and other third parties within the European Union. With the continuing adoption of APIs as a mechanism for interconnecting data and services between systems, PSD2 could represent a roadmap for banks around the globe to more easily and efficiently monetize the vast data stores in their systems and enable new and unique products and services for their customers.
The key elements of PSD2 are:
Third-party access to bank data.
Banks must offer their consumers the ability to grant permission to third-party providers, and the ability to access data held by their bank through third parties. This can include balance information, transaction history, etc.
Enabling new competition in payments and information services.
Third parties will be granted more direct access to existing payment and banking infrastructures. To do so, two new types of third-party payment providers have been enabled by PSD2, both of which represent opportunity for banks.
Account Information Service Providers (AISPs)
You’ve probably heard of Yodlee, the software company that provides account aggregation. This scenario is like Yodlee on steroids. With customer permission, AISPs will be able to aggregate information across multiple banks, offering true and simplified account aggregation and value-added services based on underlying transaction and balance data. AISPs could also become PISPs (see below), and enable their users to initiate a transaction through the related information services.
Payment Initiation Service Providers (PISPs):
A PISP will be able to initiate payments from third-party apps by accessing the customer accounts managed by an account servicing payment service provider (ASPSP) via open APIs. This could be a merchant, bank, or other third party that is licensed and certified to act in this capacity. From an infrastructure-access perspective, banks are ASPSPs, and are expected to provide mandatory “access to accounts” (XS2A) through open APIs. This requirement enables AISPs to provide payment services without providing the underlying funding account infrastructure or dealing with the associated regulatory overhead.
Strong customer authentication.
The European Banking Authority (EBA) is defining the Regulatory Technical Standards (RTS), such as security protocols and data that will be transferred, for the open APIs. The authorization process is likely to employ the use of tokens issued via XS2A APIs to protect customer account information and require the use of multi-factor authentication across all channels.
Global implications and opportunities.
Whereas the original PSD applied only to payments where both the payer and the payee PSP were located within the EU, the PSD2 will extend this scope to ‘one leg-out’ transactions—payments where at least one of the account servicing PSPs (financial institutions) on either end of the transaction is located within the EU.
While some banks have the resources and strategic vision to view this as an opportunity to create and/or distribute new and innovative products for their customers in partnership with third parties, many others are looking at PSD2 through a compliance lens and asking, “What is the least I have to do in order to be minimally compliant with the regulation?”
This is potentially a huge mistake. I hear from many bankers who speak of the large volumes of data they possess and can leverage to target new products and services or create more compelling user experiences. But often as dinner progresses, they will acknowledge that they have “oceans of data, and puddles of insight.” Thus far, failing to leverage data effectively has represented an opportunity cost for most banks. But with the vast sums being invested in fintech start-ups, the continuing advancement of artificial intelligence and machine learning technologies, the advent of modern software development processes, and now a regulatory mandate requiring banks to open their data to these aggressive third parties, the situation is likely to change quickly. Banks that don’t embrace PSD2 as an opportunity to more effectively tap into their own data will only be more easily commoditized down the road.
Over the next few months, I’ll talk more about the challenges and opportunities offered by PSD2:
Strategic Options for Banks to Consider: As a member of the Mobey Forum, Diebold Nixdorf is actively participating in the creation of a white paper that will be issued from the Forum in the next few weeks. We will provide links to this white paper and a summary of potential implications.
Implications to Retail: PSD2 could represent a significant opportunity for European retailers. We provide software and services to both the retail and banking sectors, and are well positioned to help our clients in both industries facilitate connections and create opportunities.
Global Implications: While the PSD2 regulation effects transactions in Europe, banks with global reach or those that only operate outside of the European Union will have a front row seat to understand how the emerging trend of Open Banking can affect their business. As a global provider of services, we are in a unique position to assist bankers and retailers outside of the EU in understanding how they can take advantage of the underlying approaches and technologies being deployed in Europe.
Have specific questions about how PSD2 will affect your business? Let’s start a conversation today.