PayThink Europe's PSD2 Might As Well Apply to the Entire World |
In recent years the security of electronic payments has more and more become the subject of supranational guidelines and regulations in Europe The initiatives for these guidelines and regulations originated from the European financial regulators as well as the European Commission On November 27 2017 the European Commission published its final Regulatory Technical Standards RTS on Strong Customer Authentication SCA and Common and Secure Communication CSC under PSD2 With the release of the final PSD2 RTS requirements banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions Image Bloomberg News The Revised Payment Services Directive known as PSD2 harmonizes security requirements for online banking and online payments providing a common regulatory framework for the European Union EU The security requirements in the final RTS are driven by two core objectives of PSD2 protect consumers from fraud by increasing payments security and enhance competition and innovation in the retail payments market It is my belief that while change often causes initial disruption the long term benefits of an initiative like PSD2 will be worth it given that fundamentally the ideas and reasoning behind PSD2 are good It opens up the market which will drive innovation while increased competition is always better for the end user as it fuels advances from a security and convenience perspective With PSD2 Third Party Payment Service Providers TPPs which are often fintech companies will have far greater access to users banking data Thats because under PSD2 they will have the ability to build two types of applications The Account Information Services AIS which gives customers an overview of their accounts at several banks and Payment Information Services PIS which enables customers to make transactions from different banking accounts In principle every fintech company that meets the requirements issued by the European Central Bank can develop those applications and while the benefit from a consumer perspective is obvious it also means that companies not normally associated with banking like Google and Facebook can develop those applications to act as an AIS and PIS provider The upshot of this could ring alarm bells for anyone who has concerns about how much personal information tech giants already hold on their users consumers may not feel comfortable knowing that those data accumulators could now have access to their financial data and behavior too A further issue that consumers need to consider is the ease with which a company like Facebook could integrate in-app sales into existing applications like Facebook Messenger for example thereby simplifying transactions in a way that encourages consumers to spend more money more easily Although PSD2 is an EU banking and finance regulation it does shake up the global finance sector including the US and other global banks should not ignore it PSD2 forces US banks who have a footprint in the EU to follow the PSD2 requirements This essentially means they have to provide open APIs towards AISs PISs and protect accounts using SCA mechanisms Second PSD2 is generally seen as the early bird of open banking in the world and it might trigger evolutions towards open banking in the rest of the world including the US It could therefore be interesting to look at the current state of open banking in the US and compare it against PSD2 Lastly PSD2 allows US banks who obtain a license as AISP PISP in the EU to obtain financial data about EU citizens The other approach whereby EU banks obtain data about US citizens is not possible yet through open APIs While there are some potential challenges to address I am encouraged by PSD2 I see it as an opportunity for banks to bolster their service offering while at the same time working with fintechs to respond effectively to changing customer demands to drive both convenience and security in the fast-paced online world