With an unprecedented amount of change happening in the payments landscape, it can be difficult for organizations to navigate the various ways that new payment requirements like Open Banking and PSD2 will change how businesses pay and get paid. As the second installment of our Creating Winning Propositions series for banks, this edition focuses on the differences between Open Banking and PSD2 and why they matter to your organization.
With the risk of organizations falling victim to financial fraud constantly rising, payment requirements like Open Banking in the UK and PSD2 in the EU were established with the intention of making payments easier and more secure. The new regulations contain important requirements for Strong Customer Authentication and real-time transaction risk analysis to ensure a secure environment. The key objectives of Open Banking and PSD2 are to increase competition through innovation and to give customers more control over their financial data.
Third Party Providers
A common feature of both Open Banking and PSD2 is that they introduce important new categories of regulated entity. The overarching term is a Third Party Provider (TPP), a category that can include banks, fintech firms, or even regular corporates like tech giants, large retailers, or online merchants. A Third Party Provider can perform two possible functions:
• Account Information Service Provider (AISP)
• Payment Initiation Service Provider (PISP)
In the UK, a TPP needs to be accredited by the Financial Conduct Authority, while the EU requires a TPP to apply to the financial services regulator of the member state in which it is located.
Under these new payment requirements, banks are now required to share customer data with regulated AISPs and to accept payment instructions received via PISPs, but only in cases where a customer has properly authorized a bank to do so.
APIs (Application Programming Interfaces) are what allow banks to securely exchange customer data with AISPs and receive payment instructions from PISPs.
Although there has been a focused effort to align the requirements of Open Banking and PSD2, there are several fundamental differences between the two initiatives. Namely, while Open Banking in the UK requires the standardization of APIs, PSD2 in the EU does not. In an effort to make it easier for Third Party Providers to exchange bank account data and initiate payments, Open Banking requires the top nine banks in the UK (CMA9) to adhere to a common API standard. The European Commission, on the other hand, imagined that requiring an API standard would decrease competition, and so encouraged market forces to define the future of APIs.
Common standards for APIs reduce the complexity of business payments, and European markets have already created several initiatives to standardize APIs within PSD2 at a national or regional level. Ironically, the EU’s decision not to impose a common API standard risks adding unnecessary complexity to the opening up of bank data, and ultimately leaves the success of PSD2 in the hands of the market.
Whether the EU will follow the standards set by Open Banking in the UK and eliminate the ambiguity of APIs remains unknown. However, it is important to note that more and more countries around the world are starting to adopt APIs and Open Banking principles. When entering this new era of payments, eliminate the risk of complicating the exchange of bank account information by opting for common API standards.
For a deeper dive into the opportunities and implications presented by Open Banking and PSD2, download the full whitepaper: How Banks Can Create Winning Propositions.
Follow this link to read Part 1 in the series which focuses on the implications and opportunities presented by new payment regulations: PSD2 and Open Banking Drive Innovation.