The second Payment Services Directive, commonly known as PSD2, modernizes the banking industry by changing the way banks and other account-holding financial institutions interact with other financial service providers. Before PSD2 implementation into all the EU countries’ national laws, banks and other account-holding financial institutions had complete control over their customers‘ account data.
Due to rapid digitization in the banking industry, shift to e-commerce, and the overall new approach to the payment market, these monopolies of consumer data built by banks had to be broken up. To keep up with the emergence of innovations within the payments industry, the European Commission in 2013 suggested the additions and alterations to the original legislation, known as the first Payment Services Directive in the form of PSD2, which came into force in January 2018. To encourage greater choice and more innovative services for consumers, the new directive promotes competition by leveling the playing field for all payment service providers.
How does PSD2 promote a level playing field for all parties?
To reach PSD2’s objective to bring more competition and innovation in the payment market, PSD2 establishes a framework for new types of payment services, so-called payment initiation services and account information services, and new roles for these service providers. Specifically, PSD2 includes Regulatory Technical Standards, also known as RTS, that specifies the requirements for common and secure standards of communication between all parties, including:
- payees;
- payers;
- account-holding financial institutions, usually banks;
- and newcomers, known as third-party providers, such as Account Information Service Providers or AISPs and Payment Information Service Providers or PISPs;
- other service providers as per PSD2.
PSD2 RTS ensures adequate security by regulating how the access to the customer’s account is shared between the bank and the AISP or PISP and places AISPs and PISPs on the same level playing field as other financial institutions. To put it differently, RTS under PSD2 demands account-holding financial institutions give other financial service providers the ability to access their customer account data and process their payments and transactions. To put it in practical terms, PSD2 requires account-holding financial institutions to allow access to consumers’ data by providing communication interfaces to third-party providers.
How do PSD2 APIs work?
As already mentioned, under PSD2, account-holding financial institutions must put in place a communication channel that allows third parties to access the data that they need. This communication channel also allows these institutions to identify each other when accessing customer data. Usually, banks establish this communication channel by using APIs, also known as Application Programming Interface, a set of requirements that regulates how one software communicates to another.
To put it differently, under PSD2, APIs technically ensure the sharing of account information between third-party providers and account-holding financial institutions. Banks can use already existing consumer open banking interfaces or create their dedicated interfaces. Also, from a regulative perspective, PDS2 RTS strictly governs the utilization of these AIPs and the exchange of data between different parties and requires banks to document and make technical specifications concerning dedicated API publicly available to achieve interoperability and allow third parties to develop their technology solution.
PSD2 APIs allow third parties to build innovative financial services on top of the services provided by banks. For customers, this means more choice, options, and services concerning how they pay, manage and monitor their payments, with the option to get an aggregated view across their multiple accounts. For instance, Nordigen is an authorized AISP that connects to banking data AIPs of over 2000 banks in Europe and can provide consumers with a single API. The users of this single can access the financial information from all their payment accounts, even if those are held on multiple banks in 30 different countries, for free.
Ingrid Maldine is a business writer, editor and management consultant with extensive experience writing and consulting for both start-ups and long established companies. She has ten years management and leadership experience gained at BSkyB in London and Viva Travel Guides in Quito, Ecuador, giving her a depth of insight into innovation in international business. With an MBA from the University of Hull and many years of experience running her own business consultancy, Ingrid’s background allows her to connect with a diverse range of clients, including cutting edge technology and web-based start-ups but also multinationals in need of assistance. Ingrid has played a defining role in shaping organizational strategy for a wide range of different organizations, including for-profit, NGOs and charities. Ingrid has also served on the Board of Directors for the South American Explorers Club in Quito, Ecuador.