There’s nothing quite like an impending deadline to shake you out of summer holiday mode – and PSD2, due to come into force on September 14th, is a significant one.
Whilst the FCA recently confirmed an 18-month delay to the Secure Customer Authentication (SCA) aspect of the directive, PSD2 is about so much more than multi-factor authentication. It presents an entirely new legal structure for payments throughout the
EU, introducing new types of third-party providers and, crucially, requires banks to allow secure access tothose third parties.
In a sense, this leaves banks and financial institutions with something of an existential crisis. They can provide straightforward access to third-party services – and risk becoming static utility providers. Alternatively, they can become dynamic orchestrating
hubs, bringing together services such as budgeting tools, personal financial management, direct payment applications and third-party loans in a consolidated way, in order to offer genuine added value to customers.
Clearly, the second option is a much better choice. It allows the organisations at the heart of the hub to actively build ecosystems centred on their customers’ evolving needs. It enables banks and financial institutions to differentiate themselves on the
basis of innovative supplementary services, without having to develop those services in-house. But delivering a hub structure requires banks and financial institutions to achieve seamless – and secure – access to those third parties, integrating their own
data with those of partner organisations in a unified and dynamic way.
So, how do banks achieve this? It is all dependent on the API economy, where APIs are the connection points which provide third-party providers access to banks’ and financial institutions’ databases – specifically, the banking accounts of customers.
This API-driven structure is more transparent, more reliable and offers tighter security than alternative techniques for offering third-party access to internal systems. So-called ‘screen scraping’, for example, may mean that if a bank changes its user interface,
then the third party services it offers access to will stop working altogether. Additionally, with APIs, customers do not have to share credentials such as usernames and passwords with the third parties in question.
As third-party service providers become more tightly integrated with banks, and data flows more smoothly and at greater volume between them, so value creation will come less from owning and more from sharing. In other words, services developed in-house will
be superseded by more specialist third parties. Thanks to far freer flows of data between organisations in this open banking ecosystem – and the ability to aggregate, analyse and intelligently harness these data – the ability of third parties to build services
absolutely tailored to customer behaviours and needs will be enormous.
What does all this mean in practice for banks and financial institutions? In this rich ecosystem, differentiation on the basis of supplementary services will be key – and rapid responsiveness to customer demands will be critical. If customers are clamouring
for an innovative new payment method, banks will need to be able to offer it at speed.
Readiness for the PSD2 deadline, then, means that banks need to establish their place within open banking, and ensure that the right technological infrastructure is in place. Third parties can then build their services directly on those APIs. Banks need
modern, customer-centric platforms with a flexible integration layer which can connect to new services quickly and easily.
The era of banks and financial institutions focusing their attention inwards and ensuring that their proprietary products and services are top-quality is over. In the post-PSD2 landscape, looking outwards, and ensuring a seamless, adaptable and secure approach
to linking up with others, is crucial.