To bring innovation, security, and competition to the fore, the European payment market decided to revisit the Payment Services Directive (PSD).
Since the adoption of PSD in 2007, the European economy witnessed rapid digitalization and innovation. Stiff competition led to significant changes in the payment landscape. There were new entrants in the online payment world and the” payment anywhere- anytime model” heightened financial risks. The new players were outside the scope of PSD and were not regulated at the EU level. This gave rise to the need for a PSD update. The revised Payment Service Directive, PSD2, was the subject of great debate and consultation in the European Commission since 2013. Finally, the European Parliament adopted the revised version of PSD in October 2015.
Taking a closer look at PSD2
But why PSD2 has attracted so much attention. Typically, when we buy something, we enter our payment details into the merchants’ website. The money is transferred to the merchant from our bank account with the help of a few intermediaries. However, with PSD2, retailers will be allowed to ask consumers for permission on whether they can use their bank details. After their approval, the retailer receives the payment directly from the bank. APIs allow direct connection between the bank and the retailer. In case you have accounts in multiple banks, PSD2 will allow you to view details of all the banks in one portal. As new payment services providers and retailers have access to your account information, they can leverage new cross-selling opportunities. By 13th January, 2018, it will be mandatory for all European banks to provide payment account access (XS2A) to the third-party-providers.
Understanding the impact on consumers, merchants, and banks
PSD2 will prove to be a highly beneficial proposition for the consumers. Direct integration of their bank accounts with merchant acquiring sites is a good move and improves customer experience and convenience. Customers can now use the most convenient app interface to keep track of their transactions and bank account details. All the accounts are consolidated in one place and are highly protected as per PSD2 security requirements and standards. With PSD2, merchants can operate in an even playing field and establish a stronger relationship with the customers. PSD2 also ensures reduced costs compared to card exchange. Usually, credit card processing fees which range from 1.5% to 3.5% negatively impact the online retailer margins. With the revised Payments Services Directive, online merchants have the opportunity of emerging into their own payments processor such as a Payment Initiation Service Provider (PISP). After a transaction, the payments are immediately settled into the merchants’ accounts. In addition, banks can position themselves as Account Information Service Provider (AISP). It will be similar to the services offered by Mint in the United States.
Let’s consider scenario
To understand PSD2-X2SA clearly, let’s take an online travel company as a case in point. When a customer shops online for tickets, at the checkout he is presented with a ‘Pay By Account’ option. After the bank login details are provided, the online travel company initiates a payment on his behalf. The travel agent needs to obtain a security token from the bank which ensures that the customer’s bank details are protected. Next, the travel agent invokes an Account Information API to display the list of multiple accounts from which the customer can make a payment. The bank will check whether the online travel company is registered as an AISP and whether the customer security credentials are valid. The customer selects the account he wants to use depending on the balance which is available. Subsequently, the travel company sends a payment request by invoking Payment Initiation API, which includes dynamic TX linking and authentication details. The bank will ascertain whether the travel company is authorized to be a PISP and whether the payment can be executed. It sends the status of the payment request to the travel company, which on receiving the confirmation of payment being processed, completes the order. In case the payment request is not valid, the payment will not be processed and an alternative method of payment is considered.
An operations and technology overhaul with PSD2
The primary consideration of PSD2 is to move to an open and pluggable architecture. To achieve this, banks are restructuring the underlying legacy infrastructure through modernization and consolidation. Additional IT structure needs to be built and access channels need to be provided to Third Party Providers (TPPs) which allows them to plug their app easily into the infrastructure. Another important consideration of PSD2 is localized implementation owing to difference of opinions around technical standards variation and discrepancies in payment behavior in EU countries. To compete with the TPPs, banks will have to embrace value aggregation activities as AISP. Further, the onus lies with the banks to ensure security and protection of the customer identity when they maintain and share customer information. In the open API environment, it is crucial to ensure effective governance and management of services especially with multiple stakeholders participating in the value chain who have little clarity on ownership.
Embracing the banking disruption
It is widely expected that PSD2 will drive the creation of new business models and prove to be an agent of disruption in Europe’s banking markets. PSD2 brings about a significant shift for the traditional banks as they can no longer maintain strict ownership over customer data. The control would be with the customer and allows the customer to choose from a wide range of banking applications. By bringing the customer at the center of the baking ecosystem, PSD2 provides banks with the opportunity to improve customer experience and gain a competitive advantage.
- Unnikrishnan Ravindranath – Deputy General Manager, Payments Practice, HCL
- Arunachalam RM – Business Specialist, Payments Practice, HCL