Just over a year ago, the second Payment Services Directive (PSD2) passed into law. Together with the more far-reaching General Data Protection Regulation (GDPR), PSD2 has been described as a huge leap forward for consumers in Europe, heralding a new age for banks and their customers. Banks’ willingness to embrace, and their capacity to effectively assimilate, the changes these regulations set in motion is expected to make or break many.
So, how will the banking industry change? Has it already changed? I sat down with Frans Labuschagne, country manager for UK and Ireland at Entersekt, to discuss PSD2 and how, and to what extent, it will alter the banking sector and the way you and I access our financial and payment services.
Q: What is PSD2?
A: PSD2 is an EU directive to regulate payment services and payment service providers. In other words, it is a compliance requirement that seeks to give greater autonomy to the consumer in accessing and controlling their financial data and increasing the liability of banks to protect it.
Q: How does it work?
A: Firstly, banks and independent payment providers are obligated to ‘open up’ their data and payment initiation capabilities to third-party providers as and when an account holder consents to their doing so. Fundamentally, this has made, and will continue to make, banking more competitive. Consumers have increased privileges in sharing and accessing their data and greater control over how and with whom they do financial business.
Secondly, to protect consumers and their financial assets in this more connected ecosystem where sensitive data is shared with many more entities than before, banks are obligated to improve their security measures. A key component of this is strong customer authentication (SCA), which requires that payment services providers use two independent authentication methods to verify that transactions are legitimate.
Q: What is the deadline for PSD2 compliance and who is affected?
A: The deadline for all companies to meet the requirements of PSD2 is 14 September this year.
There are three key groups that will impacted: all banks within the EU, their customers and third-party payment service providers that are involved in online transactions.
Q: How could a failure to embrace PSD2 effect banks?
A: It is not simply about banks complying with a new set of standards. Compliance is important, of course, but the regulations actually represent a huge opportunity for established players. By truly embracing PSD2, so-called ‘legacy’ banks, often accused of lagging behind in digital transformation, can keep pace with the new innovators and disruptors and the growing expectations of their customers. If they fail to invest and adapt properly over the short to medium term, they are in serious danger of being left behind.
For instance, the failure to provide additional digital services and a seamless transactional experience to a market that is increasingly tech savvy and accustomed to convenience, makes it probable that we will see young consumers switch to those payment service providers that meet their needs, such as PayPal or the ever increasing number of mobile first challenger banks.
Moreover, when PSD2 comes into effect, banks will be more liable for fraud if they’re seen not to be taking reasonable precautions to keep their customers’ assets safe and secure. The secondary, and arguably greater consequence of this, will be the reputational damage caused to those banks not seen to be protecting customers and their data.
Q: Who will benefit from PSD2?
A: Ultimately, those banks that treat PSD2 as an opportunity to evolve and modernise, rather than a mere legal obligation or regulatory hindrance, will be the most likely to benefit.
Third-party payment providers like Apple, Amazon and PayPal are already benefiting from the more ‘open’ banking ecosystem. With access to customers’ financial data, an appreciation for innovative user engagement and transactional infrastructures that suit the needs of the modern consumer, they are growing increasingly popular. Through increased interaction with these providers, consumers are also trusting them more and more.
Finally, and perhaps most importantly, consumers will benefit from PSD2. The requirement that financial service providers and banks open their data to third parties will enable users to access all their financial information across accounts at multiple providers on a single interface. Arguably more important is that this openness will increase competition, forcing banks to improve their service offerings, making the customer experience more personal, interactive and seamless. The implementation of SCA will also see banks improve customers’ digital security.
Q: Any final thoughts?
A: PSD2 is a significant change for banks in the EU. Many of them need to modernise and streamline services to keep pace in this era of rapid innovation and change. This new regulation will either provide them with the impetus to do so or present a whole new set of serious challenges in a very competitive environment.