How can banks adapt to meet PSD2?

Insight into the implications of PSD2’s regulations for banks has been widely anticipated within the payments ecosystem for some time, and those implications were investigated at the Open Banking Summit last month.

PSD2 – the revised Payment Services Directive – has for some time been a hot topic within the payments ecosystem. Adopted in October 2015 for full implementation by EU Member States on 13th January 2018, the directive aims – as clarified in the European Commission’s accompanying press release – to create a more efficient, integrated payment market within the EU, lower prices for payments, and enhance consumer protection and the security of payments.

First, PSD2 stipulates two new categories of payment service provider – ‘payment initiation service providers’ (PISPs) and ‘account information service providers’ (AISPs) – which are supervised, authorised payment institutions that will have access to users’ bank accounts. Secondly, it introduces a mandatory two-factor customer authentication standard in order to strengthen data security.

Central to the directive is the need for open Application Programming Interfaces (APIs) – software intermediaries that enable interaction and data sharing between applications. Some 10,000 APIs are expected in the telco industry by 2020, with around $200bn of revenue from APIs expected by the same point. The consensus amongst experts at the Summit seemed to be that PSD2 will be a catalyst for the production and consumption of APIs.

The importance of APIs is already leading experts to draw distinctions between ‘born yesterday’ banks, whose structures are already API-centric, and older banks, who will need to adapt their approach and not only embrace APIs but renovate their core systems, in order to provide a compelling digital banking experience and encourage industry innovation.

Having begun to deploy APIs several years ago, mobile network operators (MNOs) can support banks in making this transition. The technology surrounding the API has matured considerably in the past 3 years – and could enable banks to undertake systemic changes, if required, to comply with PSD2 regulation. This is perhaps best illustrated by the Accelerator program announced at the Summit by Apigee, which makes it much easier for banks to embrace ‘open’ technology.

As banks engage more heavily with PSD2, they are having to consider the implications of European Banking Authority Regulatory Trading Standards (EBA RTS), governance, data redaction, liability and security. Operators can assist banks with secure multi-factor authentication, by virtue of the unique attributes they possess and the high level of security afforded by the SIM. For more information on how operators are uniting to develop Mobile Connect, the secure, multi-factor authentication solution, please visit http://www.gsma.com/mobileconnect.