The coming payment service directive from the European Commission marks a shift in banking regulations. Instead of prohibitions and limitations, the overall purpose of PSD2 is to create an even playing field and encourage innovation in the payment space as a part of SEPA (Single Euro Payment Area). Although all the technical details is yet to be sorted out, the directive states that banks need to offer payment APIs to third party-providers of financial services, also known as TPPs (Third Party Provider) under the XS2A (Access to account) rule. This creates new roles in the payment landscape:
PISP (payment initiation Service providers) will be able to initiate online payments from the payer’s bank account. A PISP could potentially provide new payment options bypassing traditional payment schemes and intermediaries. The directive states that these payments must not be treated with any form of discrimination compared with payments initiated by the bank.
AISP (Account Information Service Providers) will be able to extract and accumulate customers account data, including transaction history and account balance. The directive enables AISPs to present an aggregated view from more than one bank account. AISPs can analyze spending behavior or aggregate a user’s account information from several banks into one overview, rendering traditional mobile and online banking solutions based on one account obsolete.
ASPSP (Account Servicing Payment Service Providers) aka banks and financial institutions are the account providers that is required to offer APIs to PISPS and AISPs. ASPSPs can introduce a price per transaction for PISP, but may not charge differently for payments initiated through PISPs than they would for payments initiated through their own systems. This is one of the biggest uncertainties regarding the directive, as it is still it seems like ASPSPs may introduce price exeptions for objective reasons.
Security is obviously an important aspect of PSD2, and the regulation introduce several security requirements for TPPs. EBA (European Banking Authority) is responsible for technical standards regarding security. A public hearing regarding technical standards will take place at the EBA premises on Friday 23 September 2016.
According to a study conducted by pwc, 68 percent of bankers are concerned with losing control over their customer interface. Pursuing a traditional compliance approach to PSD2 sets banks at risk of becoming mere utilities, while ownership of the customer relationship shifts to third parties. Its companion, the Interchange Fee Regulation (IFR) for card-based payment transactions, is already having impact. It challenges the existing market structures and in particular major card schemes like Visa and MasterCard. PSD2 is also expected to increase IT cost as well as reduce retail payment revenues. Despite the concerns, PSD2 acts as a catalyst for banking as a platform, and should be viewed as an opportunity for incumbents.
The directive is expected to be implemented in national legislation by January 13 2018.