Eppo Heemstra, Connective Payments
PSD2 (Payment Services Directive) was introduced three years ago. This license requires banks to share customer payment data with Third Party Providers. Altogether, the high expectations have not yet been met. All banks have realised the necessary technical infrastructure of PSD2, and new players and new applications have emerged, mainly aimed at information and aggregation. The number of innovations where payments can be initiated on behalf of the customer is still very limited. The main cause of the lagging innovation on PSD2 is the lack of coordination and standardisation. In addition, research shows that European consumers are still reluctant to share their payment details with third parties. The United Kingdom is an exception, where the nine major banks have worked together from the outset to make PSD2 (AKA Open Banking) a success, resulting in a number of innovative applications. There are also opportunities for European banks to create more value with the help of the new possibilities. For this, PSD2 must definitely come out of the sphere of compliance. Instead, PSD2 should be regarded as a commercial opportunity to conquer market share, certainly in combination with Instant Payments.
Table of Contents
Three years ago, the European Union had high hopes for the introduction of the revised Payment Services Directive, PSD2. If all banks were to make their customers’ payment details available to licensed parties and facilitate that these Third Party Providers (hereinafter: TPPs) can make payment requests on behalf of customers, new innovative products would emerge like flowers in springtime. The market for financial products and applications would open up further, to the benefit of European citizens and businesses. What about that promise three years later? What happened, how can we explain the differences in adaptation of PSD2 in the different markets and what are the opportunities?
PSD2 – a lever for innovations
The idea of PSD2, originally drafted in 2013, was simple. Each bank makes the current payment data of its customers available, such as balance and credits and debits. TPPs can request a license to use that data, using an API call. There are two types of licenses:
The AIS (Account Information Service) license is the least far-reaching. It gives the right to request and analyse the payment data, in order to be able to make financial decisions about creditworthiness, risks, etc. Another well-known application is account aggregation, eg in the form of a financial housekeeping book in which the accounts of several banks are integrated.
The second license form is the PIS (Payment Initiation Service). With that heavier license, a TPP can not only consult the data, but also initiate payments on behalf of a customer. For both forms, the customer must give explicit consent to the TPP. With AIS, this consent is valid for 90 days; with PIS, permission must be given for every transaction. With every API call by a TPP, the bank checks the TPP’s license for the type of transaction as well as the customer’s consent.
PSD2 was a lever for the EU to stimulate the necessary innovations. Citizens and companies would benefit from lower costs, faster (authorization) processes, more convenient apps and better insight into their financial options. Banks would join the wave of innovation so that they would not have to give up market share to new entrants. The fact that they had to provide the new infrastructure for free was not a serious objection to the Commission. In short, more competition, more innovation, more efficiency and thus more benefits for European citizens and businesses.
However, in practice not much of that promise has yet materialised.
The high expectations of PSD2 have not yet been met
All European banks have met the legal obligation to realise the infrastructure for facilitating PSD2. So much for the good news. But with the expected innovations things are not going by storm. The number of API calls (the times a TPP requests payment data from a bank on behalf of a customer) would be a good indication of market adaptation. But unlike with mature products such as credit transfers, debit cards and iDEAL, those numbers are not kept in the Netherlands. The same for other European countries on the continent. The availability of the API channels is not monitored centrally either.
Indeed, new applications based on the PSD2 data have emerged. Yolt (a subsidiary of ING) provides services in several countries based on AIS and PIS. There are several comparison sites, such as ABN AMRO’s Grip housekeeping book, and aggregation apps, where multiple banks are used in one overview. BBVA, Santander, Deutsche Bank and Barclays have invested heavily in Open Banking services, mainly in the form of aggregation apps.
There are also promising initiatives from new payment institutions such as Flow (personal finance management, budgeting) and Buddy Payments (a Dutch app that supports debt counseling). But we can safely say that the expectations of the Commission have not yet been met.
Why is that? We see several reasons for the lack of pace in most European countries. For many of these, the UK is the favourable exception: 173 AISP / PIS licenses have now been issued in the UK. In the Netherlands there were 17 (at the end of 2020).
PSD2 is still primarily seen as a cost item and compliance obligation
PSD2 was mainly approached by the banks on the European mainland as a compliance issue instead of a serious business opportunity. They were more or less forced to develop an expensive infrastructure and make it available to third parties free of charge. Moreover, they ran the risk that those parties would take over the primary customer relationship. The spectre has long been that PSD2 could potentially roll out the red carpet for Fintechs and Big Tech companies that could parasitise the banking infrastructure with the help of a PSD2 license. In other words: PSD2 as a threat instead of an opportunity.
Lack of central coordination
Most European countries have central bodies or organisations in the field of payments, in which joint developments are coordinated. In the Netherlands, these are, for example, the Betaalvereniging Nederland and Currence. However in the case of PSD2, the realisation is largely left to the individual banks.
The situation is different in the UK, where the Competition and Markets Authority (CMA) took the initiative early on, in 2016, to establish a central Open Banking Implementation Entity (OBIE, https://www.openbanking.org.uk), sponsored by the nine largest banks. The OBIE created and maintains the API standards and documentation, provides information, stimulates use and takes action in disputes (1). Partly because of this, key data are available for the UK market, and they look mature: more than 650 million API calls per month (November 2020). Incidentally, less than 10% is related to PIS calls (one explanation could be the lagging quality of the home banking apps, which makes British citizens more in need of financial apps that excel in clear information).
The availability of the API infrastructure of the UK banks is consistently above 97.5%.
Technical standards for PSD2 differ per bank
Instead of agreeing on a technical standard for the API calls in advance, as in the UK, the continental banks based their technical API solutions on their own interpretation of the EBA’s Regulatory Technical Standards. The consequence is that they differ greatly from one another. EBA’s RTS documents mainly deal with security requirements such as the application of SCA (Strong Customer Authentication). The EBA left it to the banks to choose which standard they use for the data exchange, because the prescription of a specific standard would be too rigid and also too difficult to verify. As a result, the API request and response formats (2), the length of the transaction history, the account types, the availability of the data, the authentication protocol, the geographic scope (whether or not restricted to SEPA countries), the currency types, the availability of detailed technical documentation, they can all differ per country and per bank, unlike in the UK.
This makes it difficult for TPPs to develop a PSD2 service: they have to develop, test, implement and maintain different technical solutions for a multitude of banks.
Standardisation of API calls has been on the agenda of the so-called Berlin group (3), alongside STET and UK Open Banking, for years. However, the discussion is dragging on, as is typically the case with more interbank consultations within Europe. The ECB has now started a consultation round that may accelerate this.
European consumers and companies keep a wait and see approach
Perhaps it is still too early, consumers and businesses still have to get used to it. According to research by the Dutch central bank in 2020, a quarter of the people surveyed gave permission to use their payment details in exchange for new services (4). Young people are more likely to give consent than elderly. Consumers indicate that they have mainly given permission to the bank of their main payment account. Only 2% said they were willing to share their payment information with parties other than banks (with less than 2% willing to share them with Google, Facebook, etc.).
In the UK, the adaptation of Open Banking by consumers is going faster, given the number of API calls. Also, Open Banking user numbers have doubled since January 2020. There has been a steady increase at a rate of around 160.000 users per month (5). Undoubtedly this has to do with the stimulating role of the OBIE.
Applying for a PSD2 license is difficult
TPPs wishing to offer PSD2 products must apply for a license from a licensor (usually the central bank). This requires quite a few administrative and legal steps, a tough cookie that innovative startups with an entrepreneurial corporate culture may have little appetite for. The thresholds for this type of application are lower in the UK. The FCA (Financial Conduct Authority), the UK licensor, is seen as less demanding.
Partnering with an already established licensee can be an attractive solution for startups to speed up the process.
Yet there are plenty of opportunities
Despite all these pains and traps, there are plenty of opportunities to take advantage of the PSD2 infrastructure. And that includes the European banks themselves.
We already mentioned examples of improved customer journeys by using the AIS transactions. Among them: account aggregation, budgeting and faster credit scoring for loans, mortgages, rental contracts and private lease. By using PIS services, the transaction costs of online payments for web shops can drop dramatically, especially in markets where credit cards and Paypal are the norm (6). This should encourage heightened levels of innovation and competition in financial services, while also enabling banks to partner with and provide services to FinTech companies, rather than competing directly with them.
Banking-as-a-Service (BaaS), allowing non-banks to offer financial services by integrating banks’ services via APIs and building products on top of the traditional banking infrastructure, could represent an opportunity for legacy banks, as they can generate new revenue streams by allowing TPPs to utilize their underlying infrastructure, data, and banking licenses.
In countries like the Netherlands, where efficient payment methods like iDEAL predominate, there seems to be less benefit in that regard. Nevertheless, there is a window of opportunity for both TPPs and banks. A PIS transaction followed by an Instant Payment could turn out to be a very strong combination, challenging the hegemony of PayPal and credit cards.
In addition, banks have a relative competitive advantage to develop these PIS services themselves. After all, in addition to an existing customer base and a proven track record in the field of security, with their banking license they automatically have the required PSD2 licenses. With innovative power and the necessary IT capacity, they can develop new value added services based on PIS and SCT-Inst. With the customer experience coupled with the trusted online banking environment, they are a tough competition for new TPPs.
Standardisation of the PSD2 specifications within the European financial ecosystem will be a catalyst in this. And there is another catalyst: as a result of the pandemic, the shift from cash to digital is going even faster than expected. This further increases the need for new applications that add value for private and business customers.
Beyond compliance: who takes the initiative?
In short, with a little imagination and innovative strength, banks should really tackle this. The general mindset must change: PSD2 must definitely get rid of the compliance overtone and, as in the UK, be seen as a new business opportunity. If not, the door is open for TPPs to conquer market share with innovative applications based on financial customer data. With that prospect, the banks had better take the initiative themselves, and where appropriate partner with best-in-class Fintechs. Who knows, maybe the expectations of the EU with the introduction of PSD2 will be fulfilled after all.
(1) The Competition and Markets Authority (CMA) is due to wind down the OBIE, handing over responsibility for running the UK’s Open Banking programme to a Future Entity (FE), in which the banking and finance industry will be involved.
(2) E.g. required headers, path, body (some only in JSON, others also XML), error codes, required and provided information.
(3) Based on the PSD2 and EBA RTS requirements, Berlin Group NextGenPSD2 has worked on a detailed ‘Access to Account (XS2A) Framework’ with data model (at conceptual, logical and physical data levels) and associated messaging. Read more here.
(4) Research by the Dutch Bank among members of the CentER panel. Read more here.
(6) Yolt Technology Services has calculated that UK Merchants could save up to 80% on their online transaction costs, compared to credit card payments. The break-even point is at a transaction value of approximately € 15.
Connective Payments is happy to help innovative entrepreneurs obtain a PSD2 license. Connective Payments also develops, builds and implements products in co-makership with clients based on the possibilities that PSD2 offers.
For our service offering, click here.
Download our free PSD2 Whitepaper here: