The new European regulation on payments means fundamental changes in the industry, as it gives third parties access to bank infrastructure. It underscores the growing importance the Application Program Interface (API) world is acquiring in different sectors like finance. BBVA is one of the financial institutions opening access to its platform and core services through “Open APIs”. The bank seeks to become the best partner for fintech firms to create disruptive models and develop a new line of business.
1. What is PSD2?
It all began in 2007, with the Payment Service Providers Directive (PSD), which sought to create a single payment market in the European Union to promote innovation, competition and efficiency in the EU.
But in 2013, the European Commission proposed an amendment (that’s where the 2 comes from in PSD2), which aimed to enhance these objectives. It seeks to level the playing field among countries and among payment service providers, putting consumers in a better position, as they will benefit from increased competition. It also hopes to normalize new payment methods like online and mobile payments.
In fact, PSD2 will allow consumers and merchants to benefit fully from the EU market, especially in e-commerce. The Directive hopes to help develop the electronic payment market in the EU.
2. What does this regulation mean?
The changes will have multiple implications, many of which are still unknown, but banks opening their payment services to other companies, the so-called Third Party Payment Service Providers (TPPs) are causing the most commotion. This involves allowing third parties to access bank customer’s accounts and making payments on their behalf, after the account holder gives their consent.
Until now, the TPPs had a difficult time entering the payment market due to numerous barriers that prevented them from offering large scale solutions in different member states. By eliminating these barriers, greater competition is expected from new players joining new markets, players who will offer cheaper payment solutions to the growing number of consumers in Europe.
TPPs will have to abide by the same rules as traditional payment service providers: registration, authorization and supervision by competent authorities. Furthermore, the new security requirements in the PSD2 text will oblige all payment service providers to increase security of online payments.
3. What does this mean?
So far, a business has to use a series of intermediaries for online purchase to take place, such as electronic payment providers, which contact the card company, let’s say Visa or Mastercard, which finally charge the checking account.
However, with PSD2, the consumer can simply authorize the business to make the payment on their behalf through their bank account. This means the bank and the business communicate directly using an API (Application Program Interface).
4. How will this take place?
As Venture Solutions Architect in New Digital Business at BBVA José Manuel de la Chica explains, “Although PSD2 does not specifically mention APIs, most technology and finance professionals assume that APIs will be the technological means used to allow banks to comply with the regulation.” But in his opinion, the real challenge is to create standards for bank APIs “in terms of definition, nomenclature, access protocols and authentication, etc.”.
For this reason, banks will have to implement APIs to share information with two types of providers. The first will make it possible to make payments from any online platforms, while the second are those that are already commonly used, like financial data aggregators, in order to access customer data and offer them services with an added value.
With PSD2, the consumer can simply authorize the business to make the payment on their behalf through their bank account
5. AIS and PIS services
Since the first PSD was adopted in 2007, new services have emerged in the online payment world, where the so-called third party providers (TPPs) offer customers specific services or payment solutions.
For example, there are services that collect and store information from a customer’s different bank accounts in a single place (account information services, or AIS). These services allow customers to have a global view of their financial status and easily analyze their spending patterns, expenses or financial needs.
Other third party providers simplify the use of online banking to make payments online (the so-called payment initiation services, or PIS). They help to initiate a payment from the customer’s account to the merchant’s account by creating a “bridge” software between both accounts, filling in the necessary information to make the transfer (amount of the transaction, account number, message) and inform the business of the start of the transaction.
PSD2 therefore leads banks to develop two kinds of services: payment initiation services (PIS) and account information services (AIS). In both cases, customer consent is mandatory and clearly, their prior authentication of both the individuals and the companies. This will give two external service providers access to banks: payment initiation service providers (PISPs) and account initiations service providers (AISPs).
6. When will all of this take place?
The European Banking Authority (ABE) has to develop specific guidelines, technical standards that will not enter into force until September 2018, when the different countries must apply the directive and financial institutions must be prepared to abide by it.
Other interesting stories