What does PSD2 mean for the digital payment sector?

 

Since 2018, the EU has implemented PSD2 following the rules of the European Banking Authority (EBA), which acts as supervisory authority.

The implementation of these PSD2 rules for digital payments in the EU has significantly impacted the financial sector, mainly by enabling fintechs to communicate with banks, and vice versa, through open interfaces called APIs.

This implementation between fintechs and banks, using APIs as a safe path, has allowed the creation of many new fintech players and solutions that help banking users meet their specific needs in a faster and more direct way. It enables data to be shared between the authorized players (banks and authorized fintechs) to offer more appropriate products, for example finance management tools, multi-entity management, the ability to operate several bank accounts from one user account, or the option to enable escrow accounts from non-banking entities such as EMIs (e-money institutions).

 

How?

This PSD2 European regulation entitles TPPs (third-party providers) to operate with financial institutions: open banking.

How does it work?

By enabling APIs (Application Programming Interfaces): technical standards and open interfaces that work as a mechanism allowing software programs to communicate in the same language.

 

These TPPs (third-party providers) can operate as:

  1. Payment Initiation Service Providers (PISP). They have the power to make payments directly from the client’s bank account once the client's approval has been obtained.
  2. Account Information Service Providers (AISP). Providers that supply account information and aggregate it, once the customer has previously authorized it.

 

What kind of information can these TPPs access?

User information, products, payment behavior, accounts (all of them), investments, credit, loans, etc.

 

What are the advantages?

Mainly, allowing more players into the sector beyond traditional banks, and sharing customers' data (with prior customer consent) for a tailor-made range of products, such as private banking, investment and insurance products tailored to the customer's needs.

 

  • Cost efficiency:

Banks have the opportunity to subcontract different systems for the development and distribution of new products to third parties, especially those that are oriented towards digital channels, with the possibility of appearing in third-party interfaces (APIs).

 

  • Fraud prevention:

Entities will have the ability to manage fraud prevention more efficiently, by being able to access more information and verify it from a greater number of sources. Additionally, thanks to the appearance of more secure interfaces, the identification and authentication of clients will be improved, as well as the control of their operations.

  • Standardization: they allow the creation of standardized communications between the different agents, facilitating scalability in the creation of connections.
  • Access restriction: greater security when accessing data; without identification, you cannot access.
  • Security in the transfer of passwords: through access with API, clients are not required to provide passwords to third parties to access on their behalf.

The information is provided in encrypted form, ensuring identity.

  • Efficiency: By providing access to an API, content can be auto-published and made available across channels more quickly. It allows information to be shared and distributed more efficiently.
  • Personalization: Due to these interfaces, the entity can personalize both the content and the services derived from the analysis of data collected from customers.

 

What about security: are these APIs safe?

How do we reach these security levels?

PSD2 enables SCA (strong customer authentication) by asking the customer for different kinds of identifying information, such as:

  • Knowledge: something the user knows.
  • Possession: something the user owns, such as a credit card.
  • Inherence: something inherent to the user (a fingerprint).
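As an added illustration (not code from the original article), the sketch below checks whether an authentication attempt meets SCA using the three categories listed above. It assumes PSD2's definition that SCA needs at least two elements from different categories, which the article does not spell out; the `Element` type, the element names and the sample attempts are constructed for the example.

```python
from dataclasses import dataclass

# The three SCA element categories listed above.
CATEGORIES = {"knowledge", "possession", "inherence"}


@dataclass(frozen=True)
class Element:
    name: str       # hypothetical label, e.g. "password"
    category: str   # must be one of CATEGORIES
    verified: bool  # True if the check for this element succeeded


def sca_categories(elements):
    """Return the categories proven by successfully verified elements."""
    proven = set()
    for e in elements:
        if e.category not in CATEGORIES:
            raise ValueError(f"unknown SCA category: {e.category!r}")
        if e.verified:  # a failed check proves nothing
            proven.add(e.category)
    return proven


def sca_satisfied(elements):
    """Assumption: SCA needs elements from at least two different categories."""
    return len(sca_categories(elements)) >= 2


# Constructed sample attempts (not real data).
ATTEMPTS = {
    # Two elements, but both are "knowledge": still a single category.
    "password + security question": [
        Element("password", "knowledge", True),
        Element("security_question", "knowledge", True),
    ],
    "password + bank card": [
        Element("password", "knowledge", True),
        Element("bank_card", "possession", True),
    ],
    # The fingerprint check failed, so only one category is proven.
    "password + failed fingerprint": [
        Element("password", "knowledge", True),
        Element("fingerprint", "inherence", False),
    ],
}


def evaluate(attempts=ATTEMPTS):
    return {label: sca_satisfied(elems) for label, elems in attempts.items()}


if __name__ == "__main__":
    for label, ok in evaluate().items():
        print(f"{label}: {'SCA met' if ok else 'SCA not met'}")
```
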

 

Lately, Europe has been working toward a PSD3 regulation, which is intended to enter into force before 2026 or even later. This new regulation is intended to cover further needs, and some questions arise now that we have all experienced SCA or some fintech TPP solution since 2020. The challenges include SCA security integration: how can SCA be improved? Has the payment sector evolved elsewhere in ways that call for other needs to be met?

 

Are contactless payments safe enough?

Is the sector asking for stronger fraud prevention?

Open banking has brought many options for users, banks and fintechs to share information and to increase their business and users' comfort, but it has also opened up wide insecurity that hackers can take advantage of.

Even with multi-factor authentication (MFA), which has reduced phishing, there is still room to improve in terms of authentication and security.

 

PSD3 aims to provide more security to the main players in the digital payments ecosystem, to prevent risk and to implement additional fraud prevention systems, so that EU economies can move forward safely in the coming years.

 

Sources

  • Europa.EU: Payment services: review of EU regulations
  • European Banking Authority: The EBA responds to the request for advice from the European Commission on the revision of the Payment Services Regulations

 

Silvia Calls