Since the beginning of the year, however, banks have faced a new challenge when it comes to managing personal data. Since January 2018, countries of the European Union have been obliged to implement the Payment Services Directive 2, or PSD2 for short. This directive was already adopted two years ago, but only has to be transposed into national law since the beginning of the year. Banks now have to meet the requirements laid down in the directive. The following PSD2 summary in this article is intended to show exactly what is described.
Until now, banks in Europe have been in a comfortable position when it comes to the management and use of customer data: they alone had the sovereignty over account information. For decades, therefore, not much has changed in the banking sector, even though there have been some innovations with technical innovations such as apps and contactless payment. Customers often remain loyal to the bank of their choice throughout their lives. The aim of the directive is to make European payment transactions safer and more convenient for customers, while at the same time creating more competition. One of the aims is to make bank data more open. This may not sound very impressive at first, but it could completely change money transactions.
PSD2 gives FinTech companies better market access
However, the European Commission hopes that the new regulations will also give smaller and innovative service providers, the FinTechs, better access to the financial market and its customers. This is because up to now it is mainly big banks that have been dominating the international and European financial markets.
Until the PSD2 directive came into force, the house banks alone had insight into the payment behaviour and creditworthiness of their customers, for example monthly direct debits. Until now, banks have often not made use of this. Now bank customers can decide for themselves how much they want to protect their own data and to whom they want to grant insight in order to be able to use new services in return. And this not only applies to their own bank, but also to external providers of financial services. The aim is to make banking transactions more convenient for customers – be it payment via the Internet or the management of their accounts.
Summarized in short form PSD2: PSD2 stipulates that banks must grant third-party providers access to customer accounts and data, so that authorised organisations and FinTechs can in future offer their services more easily to private customers – be it construction financing or insurance. Such services are connected via technical interfaces (APIs).
For example, if you have two accounts at two different banks, you should be able to manage and analyse both accounts via a third-party provider: According to the new directive, FinTechs operating such platforms will be allowed to link both accounts, so that the customer does not have to log in via the website of the respective banks, but can use an app, for example. There will also be new providers in the online payment market.
But there are also very tangible aspects, concerning the simplest data that banks have already had to provide since last year: This includes the exact location of the individual branches, details and comparison possibilities of individual products, but also where there are branches with disabled access.
But what are the concrete benefits of the PSD2 Directive – a summary
1. money management
Let’s stick to the example mentioned above: Let’s assume a customer has accounts or credit cards at two or three different banks. Until now, the customer had to look at each of these accounts separately because the banks’ individual systems were not compatible with each other. PSD2 now allows customers to view and compare them all at the same time in one system, for example using an app. This gives banks and financial service providers the opportunity to develop appropriate applications. Typically, these would be dashboards that provide an overview of incoming and outgoing payments. In the UK, for example, HSBC has released such a beta app to 10,000 customers.
But the possibilities go even further: For an invoice that the customer wants to pay online, for example, he can then see and evaluate the respective options for all three banks. Who charges what fees for the service? The customer can decide for himself which option he chooses – based on transparent data.
2. credit system
If you want to borrow money from a bank, you have to prove that your finances are good and that you are a reliable customer. PSD2 theoretically allows you to provide this information online, for example by giving investors one-time access to income and expenses for the last 12 months. There were providers that made this possible even before PSD2. However, until now it was necessary to release the login details for the respective account. PSD2 also enables small and medium sized companies to develop tools and apps that allow customers to share this data with third party providers without having to grant them direct access to the respective account (including passwords).
The current payment system is indeed very complicated. One example: When someone orders a book on Amazon, the seller first contacts a provider such as WoldPay or Global Payments as an intermediary, who in turn contact Visa or MasterCard and debit the amount from the corresponding account. By opening bank details, it is possible to make the payment directly from a bank account, which is faster and – since it eliminates an intermediary – also cheaper. The bank authenticates the purchase without involving a third party organisation.
PSD2 promotes the security of customer data
Customers have a right to privacy and data security, even if they allow third parties to access their account. The PSD2 policy summary requires special security measures. The APIs that are used are trustworthy and the law requires account providers to provide authentication that allows both the user and the service to be reliably and securely identified: Two-factor authentication is required for payment processing and account access. This so-called open banking is therefore at least as secure as any other online banking – provided that the financial service providers have done their homework.