Preparing for PSD2: exploring the business and technology implications

The aims of the European Commission’s revised Payment Services Directive (PSD2) are clear. It is designed to enhance consumer protection and convenience, improve the security of payment services and promote innovation and competition.

While these aims are simple to express, the implications of PSD2 for payments industry participants, both established and new, are wide-ranging and complex. Many of these have been extensively discussed and debated for at least the past year, but now that PSD2 has finally arrived the pressure is on for impacted institutions to formulate and execute their strategic responses to the changes PSD2 will bring – writes Jose Rodrigues, Solution Director, CA Technologies.

PSD2 heralds a number of challenges for banks and other impacted institutions, and there are some areas in which clarity is still needed. For example, there are concerns about how to handle the gap of some six months between PSD2 being implemented and the technical standards to underpin the ‘access to accounts’ element of the Directive being finally available.

And many of the provisions of PSD2 will require considerable planning and work to comply with – such as the change in handling of ‘one leg out’ transactions (where one party to the transaction is outside the EEA or the currency is non-EEA, exempted under the original PSD, but included under PSD2).

The requirement for enhanced security around payments is also likely to create considerable work for market participants, and the banks and others are waiting for the technical standards to find out in more detail what they will need to do. But by far the most talked-about challenge PSD2 creates for the banking industry, for which payments is such a critical business, is strategic: banks will be required to open up access to account data to third parties at the request of customers, to support both the account information and the payment initiation services those third parties provide. These third parties are the so-called TPPs (Third Party Payment Service Providers).

This represents a paradigm shift for banks in the payments business comparable to that experienced by telecoms providers when they were forced to open up their infrastructure and allow in new entrants. The banks must expose their data to other players, and these competitors can then build business propositions for the banks’ customers, to gain their trust, and to generate revenues from them.

This is clearly a boost for new entrants into the payment services space, giving them access to the customers they lack. It is equally a boost for other new entrants in the payment initiation and account information businesses, which will be able to rely on guaranteed and robust access to customer account information at the banks to underpin their services.

But open access is not necessarily such a grim prospect for traditional banks either. All players have an opportunity here – especially organisations with large customer bases, like banks. The key will be to work out how to monetise the investment that must be made in open access, potentially by creating premium services on top of the services mandated by PSD2.

In the post-PSD2 world – where there is an ever-growing number of electronic transactions – solutions to establish online trust will also be vital. Banks have a good pedigree when it comes to trust and another strategic option for them could be carving out a role in managing digital identity.

PSD2 will obviously impact business models and require a rethink of business strategies – probably leading to a new wave of collaboration and partnerships in the new competitive landscape – but the implications of PSD2 from a technology standpoint are also significant.

Indeed, it is not going too far to suggest that with PSD2, IT moves from being a supporting function for the business to being a driver of the business. Banks will obviously have to get to grips with open APIs (which could be a challenge given the reliance of many banks on legacy systems), and all impacted entities will have to grapple with the security and authentication demands of PSD2.

But there is also a question of performance to be considered here: the need for an infrastructure capable of scaling to cope with millions of transactions. Not only established players but also new entrants will need to be able to provide API access backed by high-grade security and scalability.

In short, PSD2 is a business challenge as well as an IT challenge and the technical dimension needs to be factored into the strategic thinking currently under way across the market in response to this Directive.

