Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Payments

Group

Innovation in Financial Services
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Does PSD2 have to be complicated?

There has been a huge amount written about PSD2 recently and much of it appears to be, with the greatest respect, over complicating the issue.

 

Very fundamentally, to provide for all of the requirements of PSD2, we have three transaction types: balance, transaction list / statement and payment. 

 

Obviously, since these requests are coming from companies that are not the account holder, the requests must be authorised. The most straight forward way of handling that is by a set of account holder mandates. The company sends a request to the account holder, by way of their bank, requesting a mandate to complete the desired transaction. The account holder is notified that a request for mandate is pending on their account, and the next time they log in to their account they can choose to accept or reject the request.

 

The mandate request should be of the form: 

Company: XYZ Ltd has requested access to: see your account balance on your account: 12345678 Sort code: 12-34-56 from: dd/mm/yyyy to: dd/mm/yyyy

 

It must be possible for the account holder to rescind the mandate at any time.

 

On successful acceptance of the mandate request, a mandate key is to be sent to the company. When the company later sends a transaction request they will include the mandate key under which they have been authorised.

 

So far, so simple.

 

Of course account holders will not want to be constantly bombarded with mandate requests from all and sundry so it would make sense to ensure the companies making the requests have a bank account with a European bank and that the bank has authorised them for the request. This has the added benefit that, should the banks request any transaction fees, these are then just a matter of cross charging between banks.

 

So how does it work? The company’s bank provides an API that the company can use to request a mandate. The account holder’s bank provides an API, only accessible to banks, that allows the company’s bank to forward the mandate request. When the request has been approved by the account holder the account holder’s bank calls an API, only accessible to banks, provided by the company’s bank, that allows the mandate to be given. The company’s bank will hold the mandate for the company and provide a unique reference to it to the company.

 

You can see where the complexity is creeping in. Each of those API’s must be agreed and created according to a standard such that each bank is able to communicate with each other effectively and that standard doesn’t exist. If nothing is done now, each bank will create their own API according to their own standards and a whole, unnecessary, industry will be born aggregating and unifying them so that they can actually be used.

 

In fact the whole business lends itself to the payments network I have discussed previously, although this could be better described as a banking network. On such a network these transactions, with associated mandate management, are simply another way for banks to do business together in a competitively cooperative manner. 

 

Once you have introduced the concept of a mandate you can go further though. How much more confident would you feel about a direct debit mandate that was of the form:

 

Company: XYZ Ltd has requested access to: Directly Debit on your account: 12345678 Sort code: 12-34-56 once a month on the 13th of the month, for an amount in the range: £10 - £200

 

Is that not a bit more controlled than what we have now? Effectively: 

“I give company: XYZ Ltd free rein to take from my account as much as they like whenever they like and we’ll fight about it later if I disagree with what they have done.”

 

Or how about banks becoming the main KYC repository for all industry? If a company wants to confirm the identity of a customer they send a request, via the network, to the customer’s bank. The customer can approve the request, including how much information should be given, and the KYC confirmation can be returned to the company. Clearly this is a service the bank could charge for and the account holder remains in control of their data.

 

So, in answer to the original question: no. It doesn’t have to be complicated. But we could do with a decent inter-bank communication system to enable this and all the other transactions that banks have with each other.

3062

Channels

Payments

Group

Innovation in Financial Services
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion
Chris Brown

Chris Brown

CTO

Trusek

Member since

13 May 2016

Location

Amersham

Blog posts

9

Comments

14

More from Chris

This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

See all
Community
See all blogs »
Operational Risk Management 

Future of Payment Review – six-months on – APP Fraud

John Bertrand

John Bertrand

Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Banking Strategy, Digital and Transformation 

Future of Payment Review: six-months on – Digital Payment Infrastructure

John Bertrand

John Bertrand

Embedded Finance 

How embedded finance breaks down barriers to banking

Ivo Gueorguiev

Ivo Gueorguiev

Now hiring

See more