Blog article
See all stories »

PSD2 is fast approaching. Don’t bury your head in the sand

The PSD2 deadline is just seven months away, and we all know just how quickly time flies. Market feedback suggests that many financial institutions are still in the ‘reflection’ phase. So far, this year we have seen the EBA (European Banking Authority) publish the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and common and Secure Communication (SC) – this, in hand with the approaching PSD2 deadline, will force these banks to increase their efforts.

When we consider the complex infrastructures, inflexible roadmaps and long development / implementation lifecycles typical within most financial institutions then the urgency to implement a compliant solution becomes apparent. If we add to the mix that PSD2 inevitably brings its own complexities, such as strong security challenges associated to PSD2 XS2A (Access to Accounts) and the strategic implications of the directive, then that seven-month period is right behind you.

Over 4,000 European banks must open their legacy (mainframe) data stores to Third Party Players (TPP) for retrieving account information or initiating payments via APIs.

Those banks, which already launched studies in context of PSD2 know that the impact of the IT and operational related issues are considerable:

  • A secure API gateway with coarse grained and fine grained API authorization.
  • Integration with different - often very closed - legacy systems.
  • Management of the customer consents for TPPs to retrieve data.
  • The technical and operational process for onboarding TPPs.
  • A sandbox for TPP developers to find the documentation about the bank’s APIs and to test them.
  • Providing a trained support desk to TPP developers to contact in case of integration issues.

Considering the effort this involves, it is very likely that many banks will just do the bare minimum to be compliant. This could be a short-sighted strategy and the banks who adopt this approach risk missing out on future revenue opportunities, as PSD2 is just the beginning! Banks must accelerate their transformation to an Open Bank environment, offering innovative value-added customer services in several ecosystems. To help them on their journey, banks should acquire a solution to build tailored digital experiences faster and more agile and which provides a full pre-packaged PSD2 offering. If financial institutions don’t invest now to become more actively present on the new playing field by creating innovative, customer-centric services, they are likely to get left behind.

Don’t bury your head in the sand, if you act now the chances are you could start to fly.


Comments: (1)

Tom Hay
Tom Hay - Payment Systems Europe - London 22 May, 2017, 09:51Be the first to give this comment the thumbs up 0 likes

Looking for a "a full pre-packaged PSD2 offering" is rather like the futile quest for El Dorado. The purported solutions we have seen so far offer only a fraction of the required functionality. Some work only for mobile devices; most do not address the requirement to handle corporate payments; consent and data redaction are not addressed; and so on. In any case, the ongoing controversies around the RTS make PSD2 compliance a moving target.

It's a racing certainty that any bank that is still 'reflecting' rather than doing will miss the Jan 2018 deadline. There's no 'silver bullet' solution they can plug in to achieve instant compliance.

Stacey Small

Stacey Small

Business Development

The Glue

Member since

10 Nov 2016


Leigh on Sea

Blog posts


This post is from a series of posts in the group:


EBAday is the annual event for European payments professionals organised by Finextra and the Euro Banking Association. This community has been created to deliver a forum for EBA delegates to exchange views on instant payments, open banking and new developments in payments processing and technology.

See all

Now hiring