The Future of Banking and Financial Services Now Depends on PSD2 and Open Banking API
August 27, 2019
Digital is redefining the future of banking and financial services in a myriad of ways. While for most incumbents, that means embracing an entirely new approach to doing business. Today people are willing to spend more on experiences and leisure with family and friends. Being on the go more than ever, they don’t want to waste time visiting brokerage offices or bank branches.
These days, customers expect the same level of accessibility, personalization, and ease of use they get from various platform-based businesses. Amazon Prime and Hulu curate shows following on from user behavior and preferences. Twitter and Instagram suggest accounts, tweets, pictures, and IGTV channels based on likes. Customers use smartphones to get rides from Uber or book apartments via Airbnb, and they’re willing to interact with financial institutions in the same way.
Technological waves that drive the financial services industry forward
In the last twenty years, technologies have forever transformed the banking industry. First, we witnessed the introduction of electronic operations and ATMs. The next technological wave came with better insights on customer behavior and preferences, leading to super-personalized offerings.
The latest wave is expected to bring even a more fundamental change. With fintech consulting and app development services being our core focus, we believe that the following forces will soon reimagine how financial institutions work and evolve. This time we’re talking about artificial intelligence (AI), machine learning (ML), robotic process automation (RPA), and internet of things (IoT). However, in light of recent events, an open application programming interface (API) grabs the biggest piece of the pie and generates buzz in the financial services and banking industry.
Although API isn’t a new technology in the world of software development, it is actively gaining ground in the banking industry to accelerate connectivity among various stakeholders. Incumbent banks used to avoid open API development due to security and financial concerns. However, today, governments force them to offer APIs through the PSD2 and open banking regulation, encouraging fintech technology firms to enter the commercial marketplace.
Explaining Open Banking and PSD2 difference
The introduction of the Second Payment Services Directive (PSD2) in the EU and EEA, as well as the launch of the open banking standard in the UK, are still seen as a banking revolution. Concurrently, they are shaping the future of fintech. Both initiatives are expected to drive innovation by enabling secure and easy data sharing between financial institutions, third-party service providers, and customers.
Yet to help our clients seize the opportunities presented by these initiatives, we’ve decided to explain the differences, similarities, and possible implications of PSD2 and open banking API based on our experience.
What is PSD2 regulation?
In a nutshell, PSD2 is a statutory framework that will create more ways for easy, fast, and secure payments throughout the European Economic Area and European Union. It’s all about opening customer banking data - with client permission - to the authorized third-party providers (like financial technology companies and retail merchants), thus simplifying standard banking operations for consumers and excluding the middleman entirely.
The initiative is focused on the standardization of APIs and the creation of a third-party payment service provider (TPP) register. Additionally, it establishes two types of certified payment institutions to provide users with more choices and freedom in how they manage finances:
- Payment Initiation Service Provider (PISP) - allowed to obtain account data collected by financial and banking institutions;
- Account Information Service Provider (AISP) - enabled to initiate payments to or from a customer’s account.
To become a TPP and get access to a client’s account information and transaction, firms should go through a strict application process and obtain either a PISP or AISP license. Such approach defines what data will be retrieved and with whom it will be shared. Additionally, it underlies a data processing flow under the EU General Data Protection Regulation (GDPR).
What is an open banking API standard?
UK open banking is often called the local response to the European PSD2 regulation. It is a set of rules that requires banks to share access to online payment initiation and customer account information through the use of open APIs. As a result, third-party providers (TPPs) can develop innovative financial solutions and services around banking institutions, like confirmation of funds or payment initiation.
Although open banking and PSD2 are seen as a prerogative of Europe, banks in Australia, USA, Canada, and Asia are already working hard to leverage APIs and open banking features. For instance, Bank of America introduced its API gateway back in January 2018, to align with the implementation of the PSD2 project in the EU.
How PSD2 and Open Banking API are unlocking the potential of the banking industry
Having open banking and PSD2 explained, it’s important to note that these regulations are set to dramatically change the way banks, businesses, and customers manage data, pay, and get paid. If we look through a business prism, the potential benefits are as follows:
- Expand the range of offerings. One cannot depreciate the value of these initiatives for the banking industry, as within the new ecosystem APIs serve as new channels of doing business. Employing APIs and partnering with digital platforms, banking institutions can enhance their standard offerings and services by creating comprehensive packages and cross-selling complementary products.
- Unlock the unserved markets. For small and medium-sized enterprises (SMEs), it’s challenging to tap into the same markets that their Fortune500 peers do. However, cooperating with the right digital platforms, new financial entrants can ensure a smooth and less risky start in untapped markets. A longer history of engagement with clients would facilitate building trust and grant a company with a top-of-the-mind advantage when they decide to deepen relationships with customers.
- Generate new revenue streams. New regulations are about building everything for sale, and online experiences are no exception. A digital-only bank is a good example that is confidently winning the market by being customer-centric, cost-efficient, and technology-driven. Such new-age challengers offer 24⁄7 and quick features, along with data-driven solutions and services.
To thrive in the industry, well-established banks should advance their digital capabilities; otherwise, new entrants will be able to substitute them with compelling services and offerings. As a result, reputed companies such as HSBC, Barclays, and Lloyds Bank are already adopting Open Banking initiatives. However, in a time when Apple, Google, Amazon, or Uber continuously compete with themselves by delivering personalized and simple experiences, will that be enough?
Opening Greater Value with Fintech Development Services
While banks are casually shifting their focus to customers’ needs, trying to update their legacy systems with new features or services, new financial services firms are entering the market with innovative fintech solutions and technologies. Superior experience with GAFA (Google, Amazon, Facebook, Apple) companies lifts the satisfactory bar, and customer expectations in the monetary sector stay relentless.
With no legacy technologies and processes of traditional financial organizations, fintech companies have promptly identified and introduced focused solutions to leverage technology and data for the improved customer experience. As a result, today you can install one single app to manage all your credit cards, transfer money in a few clicks, get real-time reports on all your banking accounts, share bills with friends, set up push notifications, and more. We closely work with SMEs in the UK and USA, supporting them with fintech consulting and app development services. Over the past year, we’ve taken part in the releases of such game-changing fintech products as Dozens, Downing, GetChip, and many others. They’ve been warmly welcomed by the increasingly tech-savvy audience, especially in the payment and management product lines.
While previously considered a major threat, incumbent banking organizations now see fintechs as potential partners that bring innovation, technological expertise, and agile approaches to the table. The World Retail Banking Report notes that today, over 70 percent of banks view collaboration with BigTechs and FinTechs as an opportunity to generate alternative revenue sources, creating new services and offerings.
Open Banking and PSD2 in Europe: What Do They Mean to Cyber Security?
The initiatives bring both great opportunities and challenges for banking institutions and TPPs. Forty-eight percent of consumers worldwide are concerned about cybersecurity and their data protection in particular. On the one hand, PSD2 and open banking API make the financial market more customer-centered and data-driven, through the expansion of services and elimination of the monopoly. On the other hand, they considerably broaden the threat surface and require fintech development and outsourcing companies to introduce new security measures.
To mitigate common security risks and introduce clear standards for financial institutions, PSD2 comes with a list of specific requirements. Consequently, the directive expects strong customer authentication (SCA) on most online payments and common and secure communication (CSC) certificates, namely:
- Qualified Certificate for Website Authentication (QWAC) - applied to protect data during peer-to-peer (P2P) communications and used together with Transport Layer Security (TLS) protocol, as defined in IETF RFC 8446 and IETF RFC 5246;
- Qualified Certificate for Electronic Seals (QSealC) - introduces digital signature to protect documents and data applying CAdES or XAdES, ETSI’s PAdES standards, and claim their origin in legal terms.
Partnering with SMEs, no matter if we provide fintech advisory or application development services, we help them implement a number of operational and technical security measures including:
- advanced customer authentication
- transaction risk analysis
- protection of communication channels
- advanced encryption methodologies
- user-behavior analytics (UBA)
- security information and event management (SIEM) solutions
Since hackers often target the transaction source, we consider customer security first and implement whatever threat intelligence available to evaluate risks within a given transaction. Putting safety at the heart of everything, fintech software development companies will lead the transformational change and ensure advanced fraud management. Additionally, it’s essential to react to any indication of a data breach in real-time and adjust the security controls accordingly.
How can you prepare your business for the PSD2-Open Banking wave?
Open banking and PSD2 shape formidable opportunities for merchants, as they can make better data-driven decisions, offer superior user experiences, all while cutting down the expenditures.
Our experience cooperating with financial institutions, as well as providing fintech advisory services to the UK, US, and EU firms suggests that currently, companies should concentrate their efforts on five principal areas:
- Business strategy. Registration in the TPP list and license acquisition is a top priority for any type/size of financial business. Your plan will have a significant effect on the type and amount of data that you can obtain and use. The guidelines on PSD2 registration are provided by the European Banking Authority.
- SCA compliance. Strong Customer Authentication is the main requirement for online payments and transactions initiated by customers across the EU. It forces companies to embed additional authentication step and require two of the following elements: something the user is/has/knows. Otherwise, banks can decline payments that don’t comply with these standards.
- Operational and technical enhancement. Contribute to your existing capabilities - particularly around advanced analytics, APIs, and cybersecurity - to benefit from new possibilities as they emerge, and build up a reputation of quality and reliability.
- Customer education. Open Banking APIs and PSD2 are on the table for a while, but the awareness among bank clients remains low, thus slowing down the adoption. As we’ve seen with the introduction of social media platforms, people are willing to provide information, if they recognize the benefits and can do it in simple and convenient ways.
- Partnership strategy. Identify and create strategic partnerships to obtain necessary capabilities and so enable your operational and compliance readiness. Direct cooperation with third parties can help you create and market customer-centered services, products, and experiences.
The Future of Financial Services in the PSD2-Open Banking API Age
Such regulations offer tremendous opportunities for creating and marketing a wide range of both financial and alternative products, thus improving customers’ quality of life. On top of that, the potential of open banking API platforms goes beyond traditional banking and involves all of the services a customer may use in the modern digital world.
Optima Consultancy notes that around 41 percent of UK adults utilize smartphones for general banking operations, together with the 31 percent in the USA, based on the Citi Mobile Banking Study. At the same time, according to the World Retail Banking Report 2018, customers are likely to use the following non-banking services from their banks:
- Hotel or flight booking 24.9%
- Health and wellness 24.4%
- Retail purchase 23.8%
- Telecom services 23.3%
- Cab booking 20.2%
Digital transformation becomes more urgent, and challenger banks set the pace. For instance, such mobile-only banks as Monzo, Starling, and Revolut are already leading the financial revolution in the UK. Both mobile banking apps work in real-time, allowing users to split checks with friends easily, pay abroad at no extra cost, transfer money in a few clicks, and much more. Within a short time, Monzo product has gained over 2 million users, Revolut - 4,5 million, and Starling can boast of around 550,000 customers. However, open banking and PSD2 regulations will promote greater competition in the money management field.
The future of the financial industry globally is mainly driven by the market and offering customers a better experience is the #1 driver for almost 96 percent of banks, according to the World Retail Banking Report. In combination with digital disruption and the latest regulations, all these will impose sustained changes on the banking ecosystem. While the fast pace of innovation won’t slow down in the foreseeable future.
At first glance, open banking and PSD2 may sound like a lot of cumbersome changes to plan, implement, and support, but at DashDevs we see them as a starting point for great opportunities that we can help you deliver.