A year after the initial deadline, the revised European Payment Services Directive (PSD2) has finally been implemented in the Netherlands. With the new legislation passing the Dutch Senate late last year and the EBA Regular Technical Standards ready to be implemented in September this year, PSD2 is becoming a reality that will enforce open banking and create more safety and security for its users. It should bring the payments industry smart innovations, by allowing licensed Third Party Providers (banks and non-banks) to easily initiate payments from bank accounts and retrieve account information – if the account holder consents. With the recent implementation the question now is how do we actually make the implementation of PSD2 in practice a true success?
By Steven Schouten, Business Consultant at Visma Connect (formerly ebpi)
Adoption in The Netherlands
indicates that 82% of the people do not know what PSD2 actually is. A very high number if you look at what the possible impact on the market might be, but not that surprising. The long implementation cycle of PSD2 resulted in a drip feeding of news articles in the mainstream media. With only one or two articles every few months with relatively boring and sometimes wrong content it seems not to have grabbed the attention of the public. A shame because it is exactly this public that needs to get excited about the new directive. This excitement is shown by people who actually are aware of PSD2. Up to 64% of the people of these people would be interested in using services affiliated with PSD2.
The potential to be discovered
The possibilities of new services based on PSD2 XS2A can come from a great many angles. Established businesses can benefit greatly by expanding their existing services in using the new payment services introduced with PSD2. With one of the possibilities being the initiations of payments, a big webshop could smoothen the user experience for their customers by introducing their own payment solution and therefore reach a higher sales conversion rate.
The other new PSD2 service will enable businesses to access the account information of their users, if these users explicitly give consent for this. This service will enable parties to react faster and give better insights based on the payment behavior of the user. Imagine a mortgage provider being able to detect a default situation in the making and therefore being able to help in time to prevent it. The payment data provided will enable such services.
These expansions on existing businesses are great and can give an edge over the competition. However PSD2 should also be able to be used to explore new payment and other banking services never possible before PSD2 or even not even thought of before PSD2. With these innovations we can reshape the world of payments and banking.
How parties can exactly implement the benefits from the new PSD2 Access-to-the-Accounts services is largely to be discovered:
- it is not fully clear how Strong Customer Authentication (and its exceptions) will affect the PSD2 service of and associated experience of the customer
- the practical implementation of the relevant bank API’s are still being discussed at this moment leading to uncertainty about implementation complexity, certainly in the fragmented EU context
- new enhanced Access-to-the-Account services are being discussed under guidance of the European Central Bank in the European Retail Payments Board
- obtaining a Third Party Provider (TPP) license is a large effort, including many requirements on the safety, reliability and security of the TPP IT architecture, operation and maintenance
- how GDPR impacts the use of account information by TPPs, especially when this information is conditional for an overarching service provided by the TPP.
This is just a small set out of a long list of open questions and uncertainties that still require further clarification for the stakeholders involved to come to an efficient and seamless open banking eco-system.
We are convinced open banking is the future and that the current mandated Access-to-the-Account services will develop over time into a manifold of interesting services that can further fuel innovation.
Introducing these new XS2A under PSD2 do not come without any challenge as mentioned. New entrants will need to obtain a license, will be subject to heavy regulations by the local competent authority and will need to invest significantly into a capability that can safely, securely and reliably initiate and process XS2A services with banks. The authority, in their turn, will need to ensure a clear application process to enforce the regulations. And finally, the banks will need to open their infrastructure, that has so far always been closed, to the outside world. These three parties are the key parties that will need to work closely together in order to make the implementation of PSD2 a success.
However, besides these three main parties there are a number of additional parties that can support in the successful implementation of PSD2. These supporting parties can be a Know your customer (KYC) provider that provides a smooth KYC process in compliance with the regulations, a legal advisor that can aid with the complex nature of the obtaining a PSD2 license and a technical service providers who can take away a large part of the burden from the TPP, such as the integration with banks via a variety of different APIs and authentication methods, account consent management, storage of account balance and transaction data as well as PSD2 and GDPR compliancy. Including an cooperating other relevant and specialised parties will enable everybody to focus on what they can do best.
About Visma Connect
Visma Connect designs, builds and delivers working solutions and services for highly secure, fast and reliable qualified information exchange. They process large volumes of digital and business critical messages, exceeding 300 million messages in 2018, and deliver services to the business community, municipalities, agencies and national governments.