This article looks at the challenges faced by traditional banks in both business and technical terms.
Part 3 of the Series: The Revised Payment Services Directive - The quest for a pan-European payments utopia
In Parts 1 and Part 2, we have looked at the core features of PSD2 and how it creates multiple opportunities for new market entrants.
A tough time for banks?
Some banks seem to have already foreseen that future innovation in banking will likely come from technology and are now rebranding themselves as technological innovators themselves. However, the question to ask is if they are nimble enough to change their business models and savvy enough to adapt to the rapidly changing technological landscape. Here are some of the challenges that they face:
- Banks will undoubtedly lose some revenue from their payments business to PISPs and would have to compensate somehow.
- It will become much harder for banks to differentiate themselves and prevent commoditization of their services. If the customers feel that the real value addition is done by the PISPs, then banks would have to find new USPs.
- Banks will also have to bear an extra financial burden in providing the IT infrastructure to allow for use of open APIs and also to provide robust cyber security arrangements to protect these new interconnections.
- AISPs and PISPs will only need a single license from their home countries to operate in all of the EU, as opposed to traditional banks which require a license from the financial regulatory authority of each country that they want to operate in. The cost sharing might be lopsided, it seems.
The technical debate - The tyranny in the womb of Utopia?
The greatest challenge to implementation of the PSD2 comes from a technical standpoint and from the point of view of existing banks. These banks have to modify or configure their existing IT infrastructure in such a way that it allows for "plugging-in" by third part APIs while sill maintain security. The systems will have to be flexible enough to allow all sorts of different apps to access the relevant data. The information that would be required to be shared would have to be taken from the core banking systems of the banks and many of these systems might not be capable of handling this at all. In such cases, some banks might have to modify their systems or migrate either to purpose built or more flexible systems in order to allow for this functionality. Needless to say, this might prove to be a massive and costly endeavor which might further be prone to operational risk as well, especially if rushed.
While some banks have already been exploring APIs, they have been doing so in a limited fashion and for select products. These players have already recognized the cost and UX benefits of such applications and will gain the first mover advantage in the PSD2 landscape.
On the security front
The technical standards for implementing the recommendations of PSD2 were published by the European Banking Authority. These guidelines serve as the backbone on which the technical architecture will be built and solutions created.
Multi factor authentication for transactions has been mandated which might dash the hopes of some players who offer one click solutions. However, there are certain scenarios which have been defined where exceptions can be made. These would be low value transactions or transactions with parties that the user has previously deemed to be trustworthy. This straitjacketing somewhat reduces opportunities for differentiation by service providers but is clearly aimed at providing a basic minimum level of security.
The use of eIDAS certificates has also been mandated for electronic identification. This does offer additional security but the actual implementation for issuance of these certificates might pose a challenge in itself.
Conclusion
The revised directive, PSD2, aims to achieve a lot while leaving some questions about technical feasibility unanswered. The challenge is now directed at the financial business community at large to grasp this opportunity to leap forward in terms of capabilities and functionalities. The next one year would be critical in deciding the fate of PSD2 and the world would be watching to see if the lofty goals are indeed met.
References
- Read more articles on FinTechs in VentureSkies' blog section.
- Read more on the services and packaged solutions which VentureSkies offers for FinTechs.
- PSD2 Directive - DIRECTIVE (EU) 2015/2366 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (2015), The European Parliament and the Council of the European Union.
- DIRECTIVE 2007/64/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 November 2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC (2007), The European Parliament and the Council of the European Union.