The 14th of September was supposed to be the day that the last part of the Payment Services Directive, or PSD2, was rolled out across the EU.
However, the deadline came and went and the directive has yet to come into force, as the UK pushed back the deadline for compliance by 18 months in order to give banks more time to prepare.
In the works since 2015, the directive is set to have a significant impact on the world of banking and fintech, with open banking paving the way for more innovative financial services. However, the benefits it offers to consumers may not be realised if financial institutions are slow to act.
What is PSD2?
Intended to promote “the development of innovative online and mobile payments, more secure payments and better consumer protection”, PSD2 is designed to “modernise Europe’s payment services”.
This particular deadline was for the implementation of Strong Customer Authentication (SCA), which was intended to introduce more stringent security requirements for electronic payments, designed to better protect consumers against fraud by offering three layers of authentication such as PIN codes or biometrics.
As well as protecting consumers from bad actors, another key focus of PSD2 is encouraging greater competition in banking by opening up banking data through open banking legislation.
Third parties will now be able to access banks’ application programming interfaces (APIs), so they can use the financial institution’s data and functionality to build services.
By making information such as bank statements and spending habits available, with permission, it is hoped that customers will have better access to financial services such as money advice services or budgeting apps, helping them to better understand and manage their finances and creating an environment in which fintech innovations will flourish.
Adam Prince, Vice President Product Management, Compliance and Brexit at Sage, explains that the new regulations have huge potential to make banking not only more secure but also more innovative:
“The introduction of the EU’s PSD2 regulation marks the start of a highly positive change for the finance and accounting industries: a move towards a more efficient and secure digital future and more valuable customer service. At its heart, PSD2 is designed to drive innovation for today’s digital consumers, all while giving them more control over their data.”
“A lack of preparedness”
However, the rate at which traditional financial institutions have responded to the regulations “risks derailing the vision of PSD2”, according to open banking platform Tink, with many third parties “forced to operate in a poor quality working environment”.
Nick Caley, Vice President of Financial Services and Regulatory at ForgeRock, said:
“Due to a lack of preparedness, [the] deadline has been pushed back by another 18 months. This is despite a multi-year phased roadmap and readily available technology which enables SCA through multifactor authentication like biometrics.
“This is the latest in a series of shortcomings from banks, who have failed to provide robust APIs for years. The fintech community, who rely on these APIs for their innovations, have been frustrated by the lack of progress. However, the real losers here are the banks’ customers.”
According to ComputerWeekly, challenger banks in the UK are predicted to triple their customer base next year. Caley believes that the slow pace of innovation among traditional banks could see more consumers vote with their feet by switching:
“While banks drag their feet, rather than racing to implement these changes, consumer expectations are rapidly evolving to the detriment of incumbents. In fact, British challenger banks, known for their customer-centric service, are on track to triple their global customer base to 35 million in a sign of consumers voting with their thumbs for superior service.
“Banks cannot afford to view the extension as an opportunity to kick the security of their digital transformation into the long grass. With fintech and big tech poised for the mass adoption of Open Banking enabled services, there is far more at stake for digital laggards than the scrutiny of the regulator.”
Gavin Brown, Head of Identity at KCOM, believes that some companies have focused on “box ticking”:
“Although PSD2 compliance has been high priority in recent months, many companies have focused on ticking the box in order to meet the regulatory timescale rather than implementing optimum authentication systems. Carried out strategically, PSD2 compliance can be a trigger for a wider review of identity management strategies, which will ultimately benefit customers and businesses alike with a smoother, more efficient and secure process.
“For example, some banks may have implemented numerous, divergent stop-gap solutions so that they have something to show the regulator. Technically that makes them compliant, but in practice the results are far from ideal.