Open banking, mandatory in Europe under the EU’s Second Payment Services Directive (PSD2), is now revolutionizing the American banking sector. How does it respond to the growing customers’ demand for more high-tech services and greater security of their data? Well, data security has always been an important topic, but there’s nothing more important than this in open banking.
Customer requirements
Data protection issues have become extremely important for fintech users. 56% of them say they would like to determine which of their accounts can be accessed by a third party while 18% want to know how their data is used by third parties. Roughly half (47%) say they would like to have a dashboard within each fintech app1.
PSD2 and its implications
The Second Payment Services Directive picks up where the original (PSD) left off and addresses its shortcomings, most notably its inconsistent application by the Member States, several generic exemptions, and businesses and unregulated intermediaries operating outside its requirements.
PSD2 attempts to2:
- Strengthen consumer protection
- Develop new payments solutions
- Regulate new market players
- Establish uniform card payment fees in line with MIF, the regulation on interchange fees for card-based payment transactions
- Increase competition
- Overcome difference between the disciplines of EU Members
- Increase efficiency through standardized infrastructures
According to consulting firm McKinsey, PSD2 is built on three pillars3:
- Pillar one. This pillar concerns transparency, including stricter customer rights, pricing and stricter reporting. Pillar One, for the most part, became effective on January 13, 2018.
The remaining pillars are due for implementation on September 14, 2019.
- Pillar two. This pillar deals with security, including strong customer authentication (SCA).
- Pillar three. This pillar covers access to accounts, including the technological standards by which financial institutions—which the PSD2 refers to as account-servicing payment-service providers—must allow other payment service providers to connect with their systems to access account information and initiate payments on behalf of customers. These standards also require banks to provide a protected “sandbox” to PSPs for testing and ongoing development of services that use the bank’s interface.
What’s Open Banking?
We can define it as making customer account information at traditional banks accessible via APIs to third-party providers (TPPs)—which can be nonbanks (such as fintechs, tech companies or credit agencies) or even banks (traditional or challenger). Once a customer authorizes a TPP to access his/her bank account, the TPP interacts with the account-holding bank (through APIs the bank provides) to obtain the information it requires to deliver services.
Customer Data Security
According to the PSD2 requirements and technical standards for its implementation, all TPPs involved in Open banking process must prove they have certain security measures in place to ensure safe and secure payments. PSPs also must carry out assessments of the operational and security risks at stake and the measures taken yearly4. A high level of payment security is an important issue, particularly for consumers paying via the Internet.
What next?
Softjourn helps banks implement Open Banking in a way to make consumers life easier, their experiences more personalized, and their transactions more secure by building up a system that is provided with a network of the financial institutions’ data through the use of application programming interfaces (APIs).