How exactly is PSD2 faring across the EU? Here are the lessons from an actual LIVE PSD2 implementation for a UK-based client.
It has been over a year since the implementation of the Revised Payment Services Directive (PSD2). The directive was meant to thrust innovation upon the payments industry and make it a level playing field where non-banks could compete with the established financial behemoths. It was to be a seismic shift and empower customers to take control of all their data.
But has it lived up to the expectations? Looking at the developments over the last year, some trends have become clearer.
PSD2 is more than just Open Banking
In 2018, the Regulatory Technical Standards (RTS) on strong customer authentication (SCA) were published, providing more detailed technical specifications. SCA will come into effect across the EU in September 2019. Banks will have to invest to ensure compliance with SCA, and it impacts everything from Point-of-Sale machines to online payments and everything in between. The challenge with SCA is to balance the need for security while avoiding friction in the shopping experience. That can prove to be a tough nut to crack, especially since solutions are still being developed and tested.
Consumer awareness remains a challenge
The September 2019 deadline will undoubtedly mark the beginning of the next epoch in the payments industry, but consumers are still largely unprepared for the changes. The requirement for Strong Customer Authentication is likely to cause hiccups and lead to disruption in the retail consumer space. In addition to building solutions that meet the regulatory requirements, banks also have to invest in customer education, exception handling, alternate channels and so on.
Standardisation is key
For PSD2 to achieve its full potential, cross-border interoperability of payment systems and processes must be achieved through standardisation. Although technological neutrality is a key tenet of the EU’s guiding principles, without some voluntary standardisation the API standards could become fragmented. Some initiatives towards standardisation are already underway, such as the Berlin Group’s NextGenPSD2.
Compliance vs Innovation
Some banks and other payment institutions are only doing the bare minimum to achieve compliance with the new directives. While there is nothing wrong with that, it is likely to leave them vulnerable to disruption from the more innovative players who are constantly looking to chip away at the market share of the incumbents. For example, biometrics can play a significant role under the broader spectrum of SCA. Open APIs can be expanded so that IoT (Internet of Things) devices can be used more securely and have wider applications.
These are some of the general trends which have been noticed since the PSD2 implementation. Next, we look at a specific case study of a live client rollout in the UK.
Experiences from a live client rollout
The linked case study from Avaloq sheds light on some key learnings from an on-the-ground implementation of open banking. Below is a brief summary of the key objectives and learning points from the case study.
A project in the UK for a subsidiary of a global banking institution
Objectives and Success Criteria:
- Enabling the private banking subsidiary of the institution to deliver on PSD2 regulations
- The creation of a new portal service which can provide a holistic wealth view to the clients
- Be one of the first aggregators to market in the European wealth sector
- The solution must integrate seamlessly with the existing web and mobile banking platforms of the bank
- Seamless integration with the existing authentication protocols
- 100% compliance with the bank’s strict security architecture
- The solution must adhere to the broader governance policies of the bank
Key Learning Points:
- Many banks use a wide variety of legacy systems, and the presence of old technology can prove to be a challenge when implementing a new open banking solution. The presence of custom fields can further complicate matters, especially when scaling. These challenges require deep domain expertise to resolve.
- Open APIs (Application Programming Interfaces) can greatly simplify implementation. With the use of these APIs, interfacing is limited to standard fields and data subsets. These APIs can also be used to eliminate certain scaling issues.
- Finally, rigorous testing is necessary to ensure that there are no potential leakage points at any of the interfaces.
The experience of an actual on-the-ground implementation, especially for something brand-new, cannot be matched with any amount of pre-planning. The broader experience of witnessing PSD2 implementation at a macro level and company-specific case studies provide us with a broader view of the challenges that lie ahead and potential solutions.