Wavestone report examines how PSD2 lays the foundations for greater openness
The regulatory changes from PSD2 mean banking has been opened up to a wide range of players. How banks respond and rethink their business models will determine who succeeds in this new world.
In recent years, the evolution of the banking ecosystem has been partly characterized by the emergence of new players, payment service providers (PSPs). In order to supervise and encourage the arrival of these new players, the EBA (European Banking Authority) has put in place various regulations: creation of SEPA, harmonization of means of payment, and PSD1.
PSD2 is the logical continuation of previous legislation and a decisive acceleration towards open banking.
Reminder of the regulations
The PSD2 is the European regulation that aims to facilitate online payment services and associated services in an increasingly digital banking environment.
With PSD2, the roles of all payment operators have been redefined and the new regulations make it compulsory for certain banking data to be accessible to third parties.
Today, account aggregators (AISP) and payment initiators (PISP) are two new actors recognized by the EU and subject to the control of the ACPR (Autorité de Contrôle Prudentiel et de Résolution).
As a reminder, PSD2 focuses on three main issues:
• Security reinforcement via strong authentication;
• Implementing new payment methods thanks to PISP open banking;
• Consolidated and interactive access to bank accounts.
In order to comply with the new regulations, banks have been obliged to grant third parties secure access to certain information on customers’ accounts. Secure access is implemented through the API (Application Programming Interface), which is a standard for data exchange between two computer applications. Beyond payments, this sets a precedent in the opening of these financial institutions and their data.
The contributions of the PSD2
Through the implementation of PSD2, financial institutions have opened up access to the first building blocks of their information systems: customer authentication, access to payment account data and initiation of transfers with the customer’s consent.
The opening of these first bricks has accelerated the implementation of technological standards facilitating the exposure of banking services:
• The implementation of API REST as a method of privileged access to banking IS resources;
• The use of Open ID Connect, based on OAuth2, as a standard for delegating authorization allowing external applications to gain access to APIs.
In addition, this opening up of payment services has made it possible to energize a new ecosystem around payments and encourage the emergence of new value-added services.
Among these services, Franfinance has, for example, developed a new scoring method using data from the aggregation of accounts. This method consists of asking the client for access to its banking data from the aggregation of its accounts, then analyzing the history of this data to generate a credit score. This makes it possible to diversify scoring methods and facilitate access to credit for a population that would not be eligible using traditional scoring methods.
Following the same logic, new cashback services have emerged thanks to the aggregation of accounts. Joko, launched in 2018, is a mobile application that allows users to transform their bank card into a loyalty card. To do this, Joko connects to the user’s bank and enables them to accumulate points for each bank card purchase from partner brands. These points can be accumulated and exchanged for vouchers or converted into associative donations. Joko does not have a banking licence as the startup does not offer account opening services, but it is an ACPR-approved payment institution. This license allows it to provide related services based on the use of banking APIs.
PSD2 has thus pushed the banks to APIser a first set of services. Beyond the simple regulatory constraint, this opening has made it possible to impose standards that make a wider opening of the banking IS possible. Banks now have the opportunity to transform themselves and open up their value chains more widely, laying the foundations for a second model of openness: service exposure.
To read more, download your free copy of the report today!