Security Blog

PSD2 – Where are we now?

The announcement of PSD2 caused a rumble in the banking jungle, and many believe that the directive will revolutionize the payment landscape. The deadline for PSD2 was set to be January 13th. We are now a bit into 2018, so it’s time to evaluate – where are we now with PSD2?

The European Banking Authority (EBA) announced the Revised Payment Service Directive back in October 2015. The directive is an effort to break the big bank monopoly, facilitate competition and growth of fintech companies, as well as make the transition towards open banking. We have previously written a whitepaper on PSD2 that can be found here.

Banks as well as countries have found it hard to meet the deadline. In Sweden, the government has postponed the implementation until May 2018. In the UK, only three out of nine banks met the open banking regulation/PSD2 deadline. Some have blamed this on banks deliberately stalling the implementation because of the expected financial losses PSD2 could mean for them.

The directive poses technological challenges, but also great opportunities for banks, fintech companies and consumers.

What do banks have to do?

PSD2 requires banks to open up their data. This means that they have to build Application Programming Interfaces (API:s) to give third party providers access to customer data. APIs are sets of code that enable secure access to back end data. So essentially, PSD2 allows developers to build their own products and services around the banks’ platform and data.

Facilitates competition and innovation

The banking industry in Europe has been criticized of being a monopoly, giving fintech companies little chance to compete. The purpose of PSD2 is to open up for more competition in the payments industry.

Leading up to the deadline, quite a few banks published open developer portals to comply with the legislation. Some of them being BBVA, Saxo Bank and Nordea. HSBC has created an ‘HSBC Beta’ app where users can see all of their bank information, even if they have bank accounts with different banks.

Opening up the banks’ platforms and giving third party providers access to customer data enables more of an understanding of consumers spending habits, which could actually lead to the creation of new innovative products and services. One can particularly expect to see new services within the areas of money management, lending and payments.

High demands on security

Financial information is highly sensitive. The opening up of platforms and increased movement of data puts high demands on security. Now, API:s and open banking is safe, and there will be requirements on strong authentication. The EBA have published security guidelines that you can read here. The guidelines emphasize the importance of having processes and routines in place that address information security. Further, as always, banks and payment service providers should be proactive when it comes to security measures. PSPs could benefit from testing the security of new products and services through for example vulnerability scans or penetration testing.

Will PSD2 lead to the payments revolution as originally envisioned? We will just have to wait and see. Rome wasn’t built in a day, and we can expect the development of new services in the coming months and years. What we do know is that the movement towards open banking and the creation of more innovative services is exciting, both from a company and consumer perspective.

  • 24 Solutions AB
  • Smedjegatan 2C
  • SE-13154 Nacka, Sweden
  • +46 (0)8 535 24 100
  • info@24solutions.com