PSD2 – new opportunities but an issue of trust

| 07-11-2017 | Lionel Pavey |

PSD2 (Payment Services Directive) is an extension of the existing PSD within the EU. The objective is to increase competition in the payments industry, whilst increasing access for non-bank firms. This should lead to standard payment formats, infrastructure and technical standards – at first glance an improvement for consumers. However, there appears to be a particular threat to privacy and the threat of third parties gaining excessive access to personal data.

What are the objectives of PSD2?

  • Standardising, integrating and improving payment efficiency across EU states
  • Harmonising pricing and improving security of payment processing across the EU
  • Providing better consumer protection
  • Encouraging innovation and reducing costs
  • Creating a level playing field and enabling new entrant payment service providers
  • Incorporating emerging payment methods such as mobile payments
  • Bringing new and emerging payment services under regulatory control

For the fintech industry this is a welcome development – they are focused on providing alternative platforms for standard bank products.

What changes will take place because of PSD2?

  • Third party Access to Accounts (XS2A) – E-commerce companies can take online or mobile payment directly from a consumer’s bank account without going directly through PCI intermediaries (Payment Card Industry); this process will be known as Trusted Third Party (TTP) Account Access.
  • The ability of APIs to take payment – An Application Programming Interface (API) enables payment by directly connecting the merchant and the bank.
  • The ability to consolidate account information in a single portal – An API enables a new type of financial services company – an Account Information Service Provider or AISP – which aggregates account information to let consumers with multiple banks view all bank details in one portal.

A Dutch television programme that informs on consumer issues (AVRO/TROS RADAR) recently broadcast a report on the potential dangers of PSD2 with regard to personal privacy. Once you grant access to TTPs, they are able to access your bank account and retrieve all the data from the last 90 days. This will enable them to provide consumers with a better overview of products and services. However, it also means that they gain a valuable insight into how much you earn, how you spend your money and which companies you transact with. In theory they could offer you alternatives which are cheaper and more tailored to your individual requirements.

But to be able to do all this, they will also need access to your verification methods – in other words they will need to know your PIN numbers. We have always been told, especially by the banks, that this information is strictly confidential and should never be given out. There is also the possibility that they could offer you a special discount that can only be obtained if you give away your personal access codes.

This opens up the payments market to potential fraud. How do we know our personal data will be protected? How will the companies guarantee that the data is only used for a specific product or service? Who can ensure that our data is not sold to data mining companies? How can we be sure that our personal data is erased if we decide to opt out in the future?

Commercial banks are subject to numerous directives to ensure they conform to all legislation regarding banking and data protection. How can we get the same guarantee from a fintech solutions provider who might be tempted to increase its revenue by selling data?

However advanced our technology becomes, finance is an industry that has always relied on trust. Banks can only thrive if customers trust them with their money. We assume that if we deposit money into a bank, the bank acknowledges our position as a debtor and will repay us when we demand it. We expect them to exercise a duty of confidentiality and not disclose information about us. When that trust is broken, confidence in the bank is lost and this can quickly escalate to a run on the bank as mistrust leads to customers wanting their money back.

Do we feel the same level of trust for non-bank parties who gain access to our bank data?

 

Lionel Pavey

Cash Management and Treasury Specialist