The new EU directive, PSD2, will foster more innovation, transparency, and security in the payment services market, allowing traditional banks and FinTech to compete on equal footing.
The first version of the European Directive on Payment Services (DSP1, voted into law in 2007) laid down the legal basis for the creation of SEPA (or the Single Euro Payments Area).
Since the implementation of the DSP1 in 2009, the global financial industry has evolved considerably. Fintech startups have emerged and triggered a deep disruption of banking practices, in particular with mobile payment services.#EU directive #PSD2 fosters innovation and transparencyClick To Tweet
Now, a revision of the directive comes to set the same rules to all payment service providers while also legitimizing the new players.
The revised Payment Services Directive (PSD2) will enter into force in January 2018 and will be implemented across all EU member states.
From then on, European financial institutions will have to open the doors of their data fortresses (APIs) to third parties.
What Does This Directive say and What are its Implications?
Adopted by the European Parliament on October 8th, 2015, the revised Payment Services Directive (DSP2) will come into effect on January 2018, and would help the ongoing digital disruption of payment services to put on a spurt.
By this directive, the European Commission requires banks and payment providers, or any company that holds data about client accounts, to grant third-party providers (TPPs) unrestricted access to the payment accounts of their clients.
This seems like a clear Blockchain inspiration.
The “Access to Account” (XS2A) allows any duly authorized payment service provider to retrieve these data and exploit them.
The third-party providers in question are the new players that are driving a revolution in the payment services industry by providing new types of services: Fintech, such as PISPs (Payment Initiation Service Providers) and AISPs (Account Information Service Providers), and ASPSPs (Account Servicing Payment Service Providers)
The EU’s proposed “open banking” approach mainly benefits consumers:
1. New (Cheaper) Payment Services
The directive provides a regulatory frame to support the development of a new payment services ecosystem.
FinTech firms will be able to offer customers a fluid experience through their apps, like payment initiation, regrouping of multi-accounts information, and investment management, and other new or enhanced services.
In addition, for customers: they will be spoiled with a choices of payment service providers competing to offer best services at lower fees.
This compares to Japan’s move towards J-Coin, which will attempt to digitize all currency.
2. Increased Transparency
The new rules should improve the transparency of payment services to increase consumer confidence, which should, in turn, have a positive impact on the payment services industry.
From the text of the proposed legislation:
“In the interest of transparency, this Directive lays down the harmonized requirements needed to ensure that necessary, sufficient and comprehensible information is given to the payment service users with regard to the payment service contract and the payment transactions.”
3. Bolstered Security
The new regulatory framework is an important step toward the strengthening the security of payments. You could also argue it’s an important push towards digitizing payment services.
The application of the DSP2 rules would:
“ensure the security of payment transactions and customer protection against demonstrable risk of fraud.”
The directive requires strong client authentication, consisting in adopting at least two authentication factors independent of each other.
Because opening their APIs to many service providers raise security concerns, banks are obliged to enhance their security systems.
The three major credit reporting firms (Equifax, Experian, and TransUnion), get data on customers from lenders (for free), aggregate them into credit reports and ratings (of borrowers) and sell it back to lenders.
Equifax, which made $489 million in profit last year, said it “relies extensively” on the “voluntary contribution on credit data from most lenders in the U.S.”
The Summit Credit Union has launched a lawsuit against Equifax over the cyber breach, and other financial institutions (and individuals?) could do the same.