deep dive psd2_smanjena FINAL.jpg

deep dive into PSD2

Is Open Banking All It Can Be?

PSD2's aim to usher in the era of open banking and the sudden increase in the number of third party providers (TPP) bring great opportunities for both fintechs and customers, lowering costs and increasing competition. 

the world of tpp

Who are these third-party providers? Well, there are the AISPs, or Account Information Service Providers, which aggregate online information from a customer's payment accounts so that they can offer them an overview of their daily finances. And there are the PISPs, or Payment Initiation Service Providers, which provide online banking services and payments. TPPs can provide their services because PSD2 requires banks to allow them access to their API, or Application Programming Interface, which in turn allows TPPs to connect their own payment services to the banks' ones. 

Thus, APIs are fueling a revolution in payments, but banks and fintechs can only reap the benefits of open banking if API integration is simple and the payment is easy to use. There are four factors that will determine its success: flexibility, security, fraud protection, and good documentation. APIs that provide customers with a smooth user experience will also be the most successful ones.

The key benefits of API are:


Security Comes First

Under PSD2, the customer gives a TPP consent to access their payment account, which allows the TPP to make payments on their behalf. Of course the TPP, the bank, and the account holder must have clear and secure channels for both payments and communication. 

The aforementioned security is expected to be strengthened via Strong Customer Authentication (SCA). The aim is to reduce the risk of online fraud and enhance customer data protection both during payments but also during account overviews the customer makes using a service provided by the TPP.

In practice, SCA requires the use of several independent elements to approve a payment. These elements can be passwords or PINs, cards or various biometrics like fingerprints or voice identification; and there is also the unique authentication code that links the transaction to a specific amount and a specific account.

 SCA is expected to be applied to all payments unless they are, for example, below a certain (usually very low) amount or the beneficiary has already been identified.

However, there is the fact that large acquirers and merchants won't be happy with SCA's implementation because it's certain to lead to cart abandonment when customers are confronted with an authentication protocol that affects their desired frictionless payment experience.

Other Changes

SCA is, of course, not the only change PSD2 brings. There is the EPC SDD Core scheme rule that provides customers with an unconditional right of refund for direct debits up to eight weeks after the payment is made, and the regulation also places a ban on surcharges for most card payments.

In their search for improved customer experience, many fintechs are also turning to alternative payment methods in order to draw in new customers. While any fintech worth their salt will be offering mobile wallets, payment via mobile phone is already an expected feature and there is a growing interest in payments via wearables such as fitness trackers

Outside the EU: To PSD2 or Not to PSD2?

What about transactions that involve at least one party not located in the EU, do they also fall under PSD2's scope? The answer is yes, and it is PSD2's aim to provide customers with better information and protect the EU-based part of the transaction.

As expected, tech giants are throwing their hats in the ring. Facebook has obtained e-money licenses and payment processing authorizations for Ireland, while Amazon did the same for Luxembourg. And there is Google as well, who has entered Lithuania's financial market and is also competing with Facebook in Ireland.

Florence Diss, Google’s Head of Commerce Partnerships in Europe, said that Google was more focused on working with, rather than competing against, banks to explore opportunities from PSD2. She also said that Google's banking partners want to have the best customer relationships and so they’re all about promoting the integration of Google's solutions with their banking partners' ones.


Source: Berlingske

Of note is the peculiar asymmetry of PSD2 implementation where Google can request and will receive bank customer data, but the tech giant is at the same time not obligated to share its user data with the banks. While it's obvious Google is not keen on attracting unnecessary attention from data protection watchdogs and regulators, it is also clear that its very large user base provides it with much more clout than most other companies have in Europe.

The PSD2 Whirlwind in the Payments Industry

Open banking has motivated banks and PSPs to consolidate, with the acquisition of Citrus Pay by PayU being just one of recent examples.


There is also the example of multiple European banks, from the German Neobank N26 to the French Groupe BPCE partnering with TransferWise, a UK-based money transfer service.

TransferWise's forte is international payments and its API makes its simple and efficient services available to all its partner banks. Fintechs are looking towards improved cross-border payments, with Ripple, BTL and Wyre using distributed ledger technology. 

The ledger technology is truly the backbone of a new infrastructure that should facilitate an easier and smoother experience. PSPs and banks are also increasing their offers of contactless transactions via mobile and wearable devices. The trend of contactless payments has been steadily rising for years - 2.86 billion transactions in UK alone reported in 2016 - and is expected to reach $95 billion annually.

podcast: deep dive into PSD2

Find out what our Compliance Expert, Dalibor Jokić, has to say about Open Banking, the rise of fintechs, e-money and more in the new episode of InPayments Podcast.