The second instalment of Payment Services Directory, “PSD2”, will come into effect on 13th January ’17. By that date, EU member states are expected to have implemented the new payment rules as outlined in PSD2.
I recently listened to a radio programme where ex Barclays boss Antony Jenkins described PSD2 as “an opportunity for third parties to access a person’s bank data and to do something with that data.” He thus captured the core what PSD2 is all about: opening up banking data and using that data to create better, more integrated customer experiences.
Jenkins also talked about how in the new PSD2 world banks effectively provide the utility components that other services build on, acting as the frond end and being more customers experience focused. One can already see from the success of Fintech startups such as Monzo, Remitsy, Varo Money and Abra the distinction between financial service players that focus more on front-end customer experience and those concentrating on the underlying ‘plumbing’. Jenkins mentioned the concept “a browser for your financial life”. Viewed within the context of PSD2, the idea of a central browser for one’s financial life really resonated with me.
All of this made me have a first stab at understanding the essence and ramifications of PSD2. This is what I’ve learned sofar:
Develop new payment solutions – Account Information Service
Ultimately, PSD2 aims to stimulate new payment solutions, using digital tools and infrastructure to create a more seamless payment experience. As a result of PSD2, there will be two new types of service providers: “account information service” (‘AIS’) and “payment initiation service” (‘PIS’).
Under PSD2, an AIS is defined as an “an online service to provide consolidated information on one or more payment accounts held by the payment service user with either another payment service provider or with more than one payment service provider”. As customers, we can benefit from AIS through its ability to offer an aggregated view of a customer’s accounts. Having this consolidated view should make it easier for customers to analyse their transactions and spending patterns across a number of their payment service providers (‘PSPs’).
Develop new payment solutions – Payment Initiation Service
Whereas AIS covers the aggregation of account data, a payment initiation service (‘PIS’) enables the movement of money between accounts with different PSPs. Under PSD2, a PIS is “a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.”
In essence, a PIS acts as an online service which accesses a customer’s payment account to initiate the transfer of funds on the customers’s behalf, provided the customer has consented and authentication has taken place (see Fig. 1 – 2 below). Payment initiation services thus provide an alternative to paying online using a credit card or debit card. PIS aren’t allowed to hold payer funds or store sensitive payment data but can initiate payment transactions on behalf of customers.
To me, the future payment initiation capability for “merchants” feels like the most exciting opportunity that PSD2 offers. It means that merchants such as ecommerce marketplaces can access the payment accounts on their customers’ behalf and initiate payments, without the need for credit or debit cards. PIS will be allowed to communicate securely with the customer’s bank and seek information required for payment initiation.The PIS will use APIs to link to the merchant’s website or app with the customer’s bank.
Fig. 1 – PIS workflow, merchant acting as a Payment Initiation Service Provider (‘PISP’) – Taken from: https://www.temenos.com/globalassets/mi/wp/16/temenos_psd2_whitepaper_v2.pdf
Fig. 2 – PIS workflow, merchant goes through a PISP to collect money from a customer’s bank account – Taken from: https://www.temenos.com/globalassets/mi/wp/16/temenos_psd2_whitepaper_v2.pdf
Reinforced customer protection
As a direct consequence of the data sharing and integrations that PSD2 enables, customer protection will be increased. For example, all payment service providers will need to prove that they have put specific security measures in place to ensure safe and secure payments. PSD2 requires “Strong Customer Authentication” (‘SCA’), which is also known as two-factor authentication. Two-factor authentication is already a common feature of lots of digital products and services (see the Google example in Fig. 3 below). Typical components of two-factor authentication are (1) knowledge (something you know, such as a password) and (2) possession (something you have, such as a card or mobile device) or ‘inherence’ (something you are, such as a fingerprint or voice recognition). Each element must be independent from the others so that if one is breached this does not compromise the integrity of another.
Fig. 3 – Google 2-factor authentication example – Taken from: https://paul.reviews/does-two-factor-authentication-actually-weaken-security/
Main learning point: My biggest, initial takeaway from learning about PSD2 is that digital payment services will become a lot more seamless and easy. APIs will act as key ‘enablers’ of new opportunities to integrate customer’s financial activities and online behaviours.
Related links for further learning: