PSD2 and Open Banking — The New Way to Work Your Money

The main question behind the Payment Services Directive (PSD2) and Open Banking: Is it innovative or just platitudes against competition?

Open Banking allows a third party to perform certain acts with your financial institution on your behalf, such as enacting a payment or reviewing your spending habits.

The concept of allowing third parties access to our banking data is not new. Aggregators, for example — the applications or websites that show all of your personal financial accounts on one screen — have been around since banks went online in the late 1990s. The methodology behind account aggregation was not without a certain degree of risk, however, because in some cases it involved sharing your credentials with a third party, leaving security as a distant thought.

Several factors are driving the recent push to open up the main banks: competition, security, and integrity. Open Banking is now being adopted all over the globe, with prescriptive solutions defined in the EU, South Africa, Mexico, and India. In the UK, Open Banking was introduced in order to open up the core banking environment and initiate the same sort of fluidity and competition that other markets, such as the energy supply sector, have experienced.

There are two core services that can be provided: payment processing and account information. The former has had less impact than expected, with relatively few transactions utilising this function. This may change if services offered by the large mobile phone companies become Payment Initiation Service Providers (PISPs). When you pay with a card in the digital wallet on your cell phone, the payment is processed exactly as it is with your physical card, with the same charges and potential delays to retailers. In contrast, a PISP makes the payment from your bank account, not your digital or physical card, and therefore there are fewer delays and overheads. Think about paying someone from your online banking as compared to buying groceries. The first is usually instantaneous (depending on geography) and the second is up to the card handler.

The account information process is far more successful. I think it is safe to say there is no killer app that has become the epitome of what a successful PSD2 or Open Banking implementation can bring. However, there are an increasing number of solutions that are beginning to address valid concerns and requirements. These may appeal to a certain age group or demographic, such as those who have round-up savings plans or need help with letting a property, just as applications exist that are designed to protect vulnerable or elderly members of society by alerting family or trusted people to anomalous transactions.

Financial institutions (in PSD2 terminology, ASPSPs — Account Servicing Payment Service Providers) have had varying degrees of adoption of PSD2 across Europe. This may be because they see it as a burden, having to invest in infrastructure with very little potential for a return; as a real threat to their business model; or as a market that will eventually die out.

That burden is not to be underestimated. The requirement to deliver potentially hundreds of connections, secured by a myriad of certificates from multiple CAs (certificate authorities), creates significant admin overhead. On top of that, availability and access need to be at the same level as the main website used for account information.

One example, not strictly related to PSD2 but based on the same premise, relates to a recent purchase of mine. I needed to replace a fitness tracker, and I decided to get one with near-field communication (NFC) to allow me quick access through the turnstiles on the London Underground. Using an NFC credit card or Oyster card wasn’t an ideal solution, because I was spending more time on public transport with my 2-year-old and the usual assorted accoutrements that you would expect.

This meant fishing out a credit card with a hand that is already carrying something while going through a turnstile: in other words, something that is nigh impossible. Unfortunately, I was surprised to find out that the fitness tracker I plumped for did not have a payment system linked into any of the major high street banks. Disappointedly, I looked to replace the tracker, but at the last minute thought about trying out one of the banks that was supported. On a Sunday afternoon I applied, and it was active within the hour. Not only did my fitness tracker work on the Tube, I was also alerted to a whole host of new features and better deals than my current bank could offer. Most appealing was the lack of overseas transaction fees, including when using ATMs. As someone who travels a lot, this was a very nice upside. And of course, my current bank loses out on all those juicy transaction fees.

The rationale is that more and more apps are becoming available, and eventually a killer app will come to the fore. When it does, customers will expect it to work seamlessly with their primary bank. If it doesn’t, it might cause them to rethink their loyalties and choose a different bank.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Richard Meeus.