PSD2 is undoubtedly going to have a major impact on the future of payments in the European Economic Area (EEA), says Stefan Nandzik, VP of Corporate Communications at Signifyd.
Yet, big conversations need to be had about the impact PSD2 will have on other industries. E-commerce heavily relies on the payment transactions which PSD2 aims to improve, so why is the sector skirting around it?
In fact, so little of the PSD2 discussion has revolved around retail that some merchants are still unaware that the regulation will apply to them, while others wonder just what the new rules will mean for their online operations.
So, let’s be clear: ignoring PSD2 will not make it go away. Neither will relying on the talk of delays for all or parts of the regulation beyond the regulation’s 14 September deadline -- though there will be delays and frameworks for compliance in the UK, as recently announced by the Financial Conduct Authority (FCA), and we expect that more jurisdictions will follow.
There is a sense of deja vu in European retailers’ reaction to PSD2. Remember businesses’ response to GDPR as its consumer-privacy requirements were barrelling toward them? It’s not that unfair to characterise some retailers’ GDPR strategy at the time as: “Let’s ignore it and hope it goes away”.
However, it didn’t and PSD2 won’t either. But just as forward-thinking enterprises embraced GDPR and turned implementation of the consumer protections into a competitive advantage, smart retailers have the opportunity to do the same with PSD2.
A winning PSD2 strategy requires rethinking what PSD2 is all about.
In order to turn PSD2 requirements into a competitive advantage, retailers need to find a way to provide seamless customer experiences while still measuring Strong Customer Authentication’s (SCA) three elements of possession, inherence and knowledge, ideally without ever prompting their customers to take additional checkout steps or turning over the checkout flow to the card brands.
The infrastructure that will tell the issuing banks that SCA has been completed — think 3D Secure — will be upgraded and improved, but the substance of the regulation and its requirements will be with us going forward.
Counting on the regulation’s burden to be eased by the EBA’s recent opinion, is not a winning strategy. Neither is looking for loopholes through exemptions, whitelists or convoluted payment paths that will move issuers or acquirers out of the EEA (the so-called ‘one leg out exemption’).
In fact, those aren’t strategies at all, if, for no other reason than the fact that none of the exceptions provided will help even the likes of Stripe, Amazon or Worldpay prevent conversion drop off.
A winning PSD2 strategy requires rethinking what PSD2 is all about. PSD2 is a long-term consumer protection initiative that requires innovation to make it seamless. It is not a problem looking for a quick fix. Workarounds that seek to be clever — relying on loopholes and half-measures — won’t make life easier for merchants or their customers. In fact, they will lead to more misery for both.
Nearly 48% of consumers told polling firm Survata, in a Signifyd customer experience survey, that they felt frustrated by checkout experiences that redirect them to another site for credit card verification, a feature of 3D Secure. The Baymard Institute found that 28% of consumers abandoned their carts because checkout took too long or was too complex.
Fortunately, the technology to build a successful and sustainable PSD2 solution, fully compliant with the requirements for SCA, is available today. Instead of banking on exceptions, retailers should fix the problems that don’t protect their customers’ payment information. Let’s break down an optimal system into its pieces.
SCA and its three elements of measuring possession, inherence and knowledge are at the core of the regulation applicable to retailers. It is also the focus of much of the anxiety around PSD2, because, for most retailers, SCA was considered to be part and parcel with 3D Secure, a safeguard that historically has led to cart abandonment and customer dissatisfaction.
The truth is, leveraging the three elements of SCA is an effective safeguard against fraud. SCA is powerful. It works. Requiring authentication based on something the consumer is (biometrics or behaviour, for instance), something the consumer alone knows (a password from before the transaction, for instance) and something the consumer possesses (a digital device as evidenced by a token, for instance), is a robust and secure method. Even if a fraudster breaches one of the three identifiers, that breach doesn’t compromise the other two identifiers.
The key development for retailers to keep in mind here is the EBA’s June opinion that rightly stated that implementing 3D Secure 2.0 is not the same as implementing SCA. (The protocol doesn’t even have the ability to pass information regarding the inherence element of SCA.)
The truth is, leveraging the three elements of SCA is an effective safeguard against fraud. SCA is powerful.
The EBA stated plainly in its 21 June memo that: “communication protocols such as EMV 3-D Secure version 2.0 and newer would not currently appear to constitute inherence elements, as none of the data points, or their combination, exchanged through this communication tool appears to include information that relates to biological and behavioural biometrics”.
The EBA went on to say that SCA purposefully allows for multiple “authentication approaches in the industry, in order to ensure that the regulatory technical standards remain technology-neutral and future-proof”.
We’ve looked at what’s in place and tested the existing protocol and its infrastructure. Authentication systems that rely on 3D Secure, with their communication among the merchant, gateway, at least two banks, the consumer and often back around again can take an eternity on the web — think 15 seconds or more.
And, of course, we know what an eternity on the web does to conversions — slow and cumbersome checkout processes are a conversion killer. Nearly 48% of consumers told polling firm Survata, in a Signifyd customer experience survey, that they felt frustrated by checkout experiences that redirect them to another site for credit card verification, a feature of 3D Secure. The Baymard Institute found that 28% of consumers abandoned their carts because checkout took too long or was too complex.
The way to completely sidestep the problems with 3D Secure as a protocol is to take ownership of SCA by building or buying a holistic approach to meeting PSD2 obligations. We expect that the best customer experience under PSD2 will involve a machine-learning-based SCA provider conducting dynamic fraud analysis for online retailers, then passing the SCA decision down the 3D Secure rails to eliminate delays in approval, minimise customer friction, and maximise authorisation rates.
Such a system, relying on a vast amount of transaction data, provides the right degree of scrutiny for each order to protect consumers and retailers from fraudulent credit card transactions while avoiding the added friction brought on by a one-size-fits-all, legacy 3D-Secure-powered system.
The holistic approach allows for nearly instantaneous SCA review and more accurate decisions based on the significantly more data processed by the system’s learning machines, as opposed to passing down that data all the way to the issuing banks and back. The system should have the added advantage of shifting all liability away from the merchant, onto the issuing bank in the case of 3D-Secure-authorised transactions, or onto the SCA provider for any transaction that would require a step-up or be declined.
While the details of this innovative approach to PSD2 are important, it’s the underlying approach that is vital to executing a successful PSD2 strategy. It starts with embracing the new SCA requirements rather than trying to avoid them through a pretzel of exemptions.
E-tailers who are planning to bank on exemptions to PSD2 will fail miserably as said exemptions are only sometimes applicable to small value baskets, and are ultimately dependent on the acquiring and issuing banks’ low fraud rates. And retailers can’t control either of these factors.
Embracing PSD2 gives back control to retailers, giving them a real opportunity to build a competitive advantage. When e-tailers take a proactive approach to the directive, it’s possible for them to implement a robust system which meets the aims of PSD2 whilst also maintaining the online customer experience. The future belongs to e-retailers who have the ingenuity and foresight to treat PSD2 as an opportunity, not as the elephant in the room.
While the goals of these regulations are often described in detail, they frequently fail to outline just how the requirements must be met or the steps that need to be taken to achieve that compliance. Here Sarah Whipp, CMO and Head of Go to Market Strategy at Callsign, answers the question: Is regulatory ambiguity setting banks up for failure?
Take for example PSD2, which called for open APIs and the application of stronger authentication schemes but didn’t describe how best to meet these needs. With financial institutions in somewhat of a quandary, third party groups have noticed a gap in the market and stepped in to help, such as the Financial Data Exchange (FDX), The Berlin Group and the Open Bank project, who each put forth a different approach to meeting PSD2 compliance.
The three predominant authentication schemes that are currently being used are as follows:
- Redirect – whereby the consumer goes to a third party and when they reach the point where they provide consent, they get redirected to the holder of data, logging in via a page branded by their financial organisation
- Decoupled – when customers provide an approval via a different channel, separate to the one where they are dealing with the third party. For example, a push notification from their banking app if they are enabling access to their bank account
- Embedded – when the third-party processes the customer’s security creds and passes them on to the financial institution. This method won’t work with device-based authentication since underlying organisation won’t have visibility of device being used.
For international banks in particular, this presents a tricky challenge, as they must be able to not only offer each of the aforementioned authentication schemes, but all three of these for each of the third-party groups who’ve stepped in to bridge the gap with PSD2. As a result, these banks are tackling an extremely complex policy situation in which the 9 potential authentication methods are even further compounded depending on location or circumstance. In addition, for each jurisdiction these companies operate in, regulations will be interpreted differently, making a coordinated approach very difficult.
The issue lies not in the sheer number of potential authentication methods with no clear direction from the regulators, but the fact that many of these major, global banks are currently relying on the human policy manager – knowledge siloed to a few IT group team members – to comprehend these regulatory needs. Quite often these teams would have insider knowledge, almost like living and breathing black boxes. Of course, if one of these people leaves the company, they are also taking with them a huge amount of valuable information.
Instead, banks must move away from their home-grown policy managers, and evolve to a more sophisticated and transparent policy manager for which sectors across the organisation can have a say. It is not just the IT team that has to review internal policies at these and say they’re fine. Risk & Compliance right through to the Marketing function needs to ensure they are properly following protocol.
Challenger banks, those who have broken ground in the last decade or so and remain digital-first, are actually positioned much better to deal with these issues as much of their infrastructural practices are already grounded in flexible and agile practices. Thus, many banks facing these problems are established institutions, potentially embracing digital transformation in other areas of the organisation. To ensure they can remain competitive and compliant (regulations aren’t going away, they’re only getting stronger), they must also equip their policies for the future.
If these larger organisations don’t rise to the challenge they are in danger of dramatically harming the customer experience. They need to be able balance keeping their customers’ digital identities safe and as well as comply with regulations, while making sure users can get on without obstacles. By using the latest AI and machine learning, policy managers must adapt and learn in real time to achieve this goal. Implementing this technology, organisations can build multi-factor authentication journeys that are uniquely tailored to their own business, customers, products or services. Financial legislation is constantly being updated, so flexible technology will help them easily navigate any changes with relative ease.
While most are aware of the upcoming September 14th deadline, which requires banks to have implemented dedicated APIs for third-party providers, the March deadline was much less well known, and many of the thousands of eligible banks in Europe will not have been compliant in time. Nick Caley, VP of Financial Services and Regulatory at ForgeRock says that while there are no formal penalties for those that did not meet the deadline, there will certainly be consequences that could have long-lasting commercial, technical and reputational effects. Read on to find out more about what to do if you’ve missed the deadline.
Consequences of non-compliance
Banks who have failed to meet the March deadline will now need to implement fallback ‘screen-scraping’ as a contingency mechanism ahead of the 14th September deadline, at the same time as implementing their PSD2 API. With screen-scraping, customers essentially share their security credentials so third parties can access their banking information via the customer interface and collect the data for their own services. This is something that’s absolutely not in the interests of banks, or their customers, and could lead to problems in the future.
There are multiple problems with screen-scraping. Firstly, there are the significant security risks it poses. Screen-scraping involves customers sharing their banking security credentials with third parties, which is an outright bad security practice. No-one should ever feel comfortable sharing a password to a system, let alone one that provides access to a bank account. Such credentials, as well as providing access to banking data, can be used to unlock numerous other account functionalities that should only ever be available to the account owner. Any increase in the risk that banking credentials could be compromised will undermine the confidence consumers place in financial institutions.
No-one should ever feel comfortable sharing a password to a system, let alone one that provides access to a bank account.
Beyond these security considerations, there are also cost implications as banks will need to find the resources necessary to maintain more than one interface, and each interface will require strict and ongoing monitoring and reporting to the National Competent Authority. While larger tier one banks might be able to absorb this extra cost, this will further compound the already serious burden of compliance with the regulatory technical standard (RTS) for smaller banks.
Beyond these practical concerns, failing to comply with the March deadline means many banks will now be left playing catch up on the developments set to be made as PSD2 comes into effect. This could seriously hinder banks’ long-term prospects, preventing them from giving themselves a strong foundation to stay on top of PSD2 and severely limiting their ability to compete in the new era of customer-centric financial services.
What can banks do now if they’ve missed the deadline?
The best advice for a bank that hasn’t met the deadline for a testing facility is to contact the relevant regulator (National Competent Authority) regarding the steps they could take to achieve an exemption. They will need to submit a description of what has been implemented so far, and their plan to complete the delivery of items that fulfil the requirements of PSD2.
The NCA will accept exemption requests up to June 14th 2019, after which date it is deemed that any banks with failed applications will have just enough time to apply the contingency measures before the September deadline. If a bank demonstrates ‘clear and credible plans’ for the required compliance by September then the NCA may confirm the exemption once it’s received evidence of the implementation.
Of course, the easiest way for banks to demonstrate credibility and get an exemption is to implement testing facilities as soon as possible. For those banks who haven’t yet found a solution, there are ready-made developer sandboxes that they can deploy in a short space of time. These sandboxes are essentially turnkey solutions that are fully compliant with the defined API standards, making the whole process far simpler and quicker.
The NCA will accept exemption requests up to June 14th 2019, after which date it is deemed that any banks with failed applications will have just enough time to apply the contingency measures before the September deadline. If
Whether or not banks are allowed an exemption, it is still worthwhile for them to continue with plans for a developer sandbox. This is because it will still enable third-party providers to test their functionality and make sure the bank is best prepared when September 14th comes around.
Looking further ahead
As the trusted holders of customer banking information, PSD2 gives banks an unrivalled opportunity to add value for their customers. Through the development of new interfaces, modernisation of authentication methods and the redesign of customer journeys, banks can achieve the new Holy Grail for any business; delivering intuitive, secure digital services and experiences that are personalised to the customer and offer far greater insights and advice.
At the same time, it’s important for banks to keep an eye on the competition. The promise of PSD2 is to provide a level playing field to encourage competition and innovation. Account Info Service Providers (AISPs), and Payment Initiation Service Providers (PISPs), retailers and internet giants, all have the opportunity to introduce their own payment and financial management products and services that integrate directly with the established banks.
At the same time, the challenger banks built from the very beginning to be ‘digital natives’ have been leading the way with innovative customer-first experiences and third-party marketplaces that go beyond what is currently on offer from traditional players. This means banks will need to provide better digital services to stay competitive, giving people more freedom and choice in the way they interact with financial services.
The March deadline was the first real test for which banks are keeping up with PSD2, and which are falling behind. However, these compliance deadlines are not just a test of a bank’s ability to meet technical regulations - they are also strong indications as to how well each bank will be prepared to stay competitive in the race for our increasingly digital future.
Website: https://www.forgerock.com/
Less well known, however, is another more imminent deadline. The PSD2 regulation requires banks to implement facilities for these third parties to test their functionality against a simulated bank environment six months prior to the September deadline, which means that these environments must be in place by 14th March. Below Nick Caley, VP of Financial Services and Regulatory at ForgeRock, explains that despite the importance of this fast-approaching deadline, many of the thousands of eligible banks are significantly challenged in meeting either deadline. And, while there are no formal penalties for not complying with it, there will certainly be consequences that could have long lasting commercial, technical and reputational effects.
Consequences of non-compliance
Banks which fail to meet the March deadline will need to implement fallback ‘screen-scraping’ - where customers essentially share their security credentials so third parties can access their banking information via the customer interface and collect the data for their own services - as a contingency mechanism at the same time as implementing their PSD2 API by the September deadline, something that would not be in the interests of banks, or their customers, and could lead to graver problems further down the line.
There are multiple problems associated with screen-scraping. Firstly, there are the significant security risks it poses. Screen-scraping involves customers sharing their banking security credentials with third parties, which is an outright, bad security practice. No-one should ever feel comfortable sharing a password to a system, let alone one that provides access to a bank account. Such credentials, whilst clearly able to provide access to banking data, also unlock numerous other account functionalities that should only be available to the account owner. Any increase in the risk that banking credentials could be compromised will not build the confidence of consumers.
Alongside security considerations, there are also cost implications since maintaining more than one interface increases the resources required. Each interface will require strict and ongoing monitoring and reporting to the National Competent Authority. While larger tier one banks might be able to absorb this extra cost, for smaller banks this will further compound the already serious burden of compliance with the regulatory technical standard (RTS).
Beyond these very practical concerns, failing to comply with the March deadline will mean banks are left playing catch up on the developments set to be made as PSD2 comes into effect. Avoiding such pitfalls would mean banks can significantly boost their long-term prospects, giving themselves a strong foundation to stay on top of PSD2, meeting regulatory deadlines whilst crucially increasing their ability to compete in the new era of customer-centric financial services.
Despite the clear importance of the March deadline, many banks are still largely focused on developing their production APIs ahead of the September deadline, rather than their testing facilities. For those banks who haven’t yet found a solution, having development teams put a testing facility live in such a short space of time might seem like an impossible task. The good news is that there are ready-made developer sandboxes that banks can deploy in a short space of time to stay on top of the requirement for a testing facility. These sandboxes are essentially turnkey solutions that are fully compliant with the defined API standards, making the March 14th deadline much easier to digest. Banks should look to these ready-made sandboxes if they haven’t already found a solution.
Looking further ahead
As the trusted holders of customer banking information, PSD2 gives banks an unrivalled opportunity to add value for their customers. Through development of new interfaces, modernization of authentication methods and the redesign of customer journeys, banks can achieve the new holy grail for any business; delivering intuitive, secure digital services and experiences that are personalised to the customer offering far greater insights and advice.
With the focus on complying with deadlines, it’s also important for banks to keep an eye on the competition. The promise of PSD2 is to provide a level playing field to encourage competition and innovation. There are certainly plenty of new competitors: Account Info Service Providers (AISPs), and Payment Initiation Service Providers (PISPs), retailers and internet giants, all have the opportunity to introduce their own payment and financial management products and services that integrate directly with the established banks.
At the same time, the challenger banks built from the very beginning to be ‘digital natives’ have been leading the way with innovative customer-first experiences and third-party marketplaces that go beyond what is currently on offer from traditional players. This means banks will need to provide better digital services to stay competitive, giving people more freedom and choice in the way they interact with financial services.
The March deadline is the first litmus test for which banks are keeping up with PSD2, and which are falling behind. However, as we have seen, the far-reaching changes that PSD2 heralds means this upcoming deadline won’t just be a test of a bank’s ability to meet technical regulations - it will be a strong indication as to how well each bank will be prepared to stay competitive in our increasingly digital future.
As an enabler for increased competition and customer choice, open banking is transforming the banking sector for consumers, challenger banks, FinTechs and traditional players alike. The UK’s version of the second Payment Services Directive (PSD2), open banking is forcing UK banks to open their data sets via secure application programming interfaces (APIs), resulting in them re-positioning their services away from being one-stop shops for financial products, to open platforms, where consumers can embrace a more modular approach to banking by allowing third parties to access their financial data directly.
As we enter the second full year of an open banking environment, Kevin Day, CEO of HPD Software, the asset based lending and factoring software platform, discusses the opportunities and challenges that the sector is likely to face in 2019.
Rapid and significant innovation in financial services to grow the market considerably
Open banking’s data sharing rules are aimed at developing new technologies and innovation, which have been advancing at a rapid pace, and which is expected to continue, resulting in increased competition between banking providers and FinTechs. The open API data, which includes account aggregation, improved financial management, credit scoring thin-file customers and integrated lending and accounting platforms allows companies to create bespoke products and target potential customers in a completely new way.
Through such innovation, customers will be able to quickly compare accounts, helping them to understand where to find the most suitable products. Financial management meanwhile could now be offered by an array of financial service providers, from established banks to charities, in a move that encourages customers to shift from traditional ‘under one roof’ banking services to specific, individualised services that are suitable for their personal financial situation. The potential revenue opportunity across a range of SME and retail customer propositions is estimated by PwC to be £2.3bn at the end of 2018, of which £1.8bn could be cannibalised by existing or new players in the market, with the remaining £0.5bn representing new revenue opportunities. Based on forecasts for adoption across the same markets over the next four years, PwC expects incremental revenue will total £1.3bn, where £5.9bn is ‘revenue at risk’.
A lack of homogenous technical standards may make operating processes susceptible to corruption and companies need to be clear on how they will safeguard their data against fraudulent activity.
Enhanced industry collaboration
Another considerable advantage of open banking is the enhanced industry collaboration that will result from data sharing as providers, traditional banks and FinTech companies will between them be able to offer something that the other cannot. With so many players in the financial services industry, the formation of partnerships between banks and their FinTech competitors will result in increased choice for customers, and will help both players to survive and expand their services in a rapidly evolving industry. Any new products formed through such forward-thinking partnerships will likely see the benefits at both ends of the spectrum.
Traditional customer platforms are going to change
Open banking will enable a new league of consumer profiling that will require minimum effort to find the most relevant information on products and services across the industry that are tailored to their individual needs and history. From personalised investment solutions to retail overdraft decoupling, the shift in data optimisation will become the new normal, altering the way traditional price comparison platforms operate. This movement won’t stop there: bank account and transaction data can provide an opportunity to collaborate across different sectors where retailers, utility providers and tech companies can function together on aggregated data platforms.
Access to consumer data increases responsibility around security
The opportunities created by initiatives such as open banking, which have the potential to transform the industry, of course come with responsibilities, and one of the major challenges will be around managing risks related to security. A lack of homogenous technical standards may make operating processes susceptible to corruption and companies need to be clear on how they will safeguard their data against fraudulent activity. Any major data breach is likely to negatively impact retail customer uptake – many consumers consider their financial data more personal than their medical information. With complex chains of data access, both banks and FinTechs must also consider the obstacles associated with responsibility for any security breaches, and ensure that their software is able to identify, predict and react to risks or breaches in good time.
By bringing third-party providers into the banking system, there is a considerably increased risk of scammers gaining access to customer information.
Liability becomes an issue
By bringing third-party providers into the banking system, there is a considerably increased risk of scammers gaining access to customer information and the finance provider will be liable, unless there is evidence of fraud or negligence. With both banks and FinTechs alike facing increased security threats, without proper legal clarification, it’s inevitable that finance providers will do what is necessary to push liability on third parties.
Open banking is still a relatively new initiative
A lack of awareness and education around the capabilities of open banking will be its greatest challenge in the short term. Finance providers will need to convince customers of the benefits of sharing their data in the first instance, and as yet, banks are not marketing open banking, which directly impacts the ability for it to innovate and provide new propositions.
While the corporate sector and SMEs in particular seem far more willing to embrace open banking, consumer review body Which?, has found that 92% of consumers had never even heard of the initiative. As such, banks and FinTechs need to embark on a considerable education programme for consumers to better understand the benefits of open banking and how it can help them take control of, and better manage their finances, from monitoring spending to making better savings and investment decisions.
For finance providers in the Asset Based Finance space, there are opportunities to leverage efficiencies from open banking, in particular in the area of cash processing with the potential for virtual bank accounts to streamline cash reconciliation. There are also value added services that can be offered to SMEs to assist them with other aspects of running their businesses. Finance providers will need to have an open mind and be prepared to collaborate with FinTechs and other technology providers.
Once banks have stronger propositions to offer their customers, they will become more vocal and the lack of awareness will gradually cease to be an issue. For the financial services industry and new entrants alike, it is important that all parties embark upon this education programme with the proper systems in place for proper levels of monitoring, security and scalability to ensure a success of the industry.
Website: https://www.hpdlendscape.com/
Even though it’s early days for open banking there are already plenty of trailblazers offering new services, writes Huw Davies, CCO at Token.
From forex to rental accommodation, personal identification to loyalty schemes, many customer experiences are starting to be transformed by the effects of Europe’s Second Payment Services Directive (PSD2) just months after it was introduced.
Low-cost travel currency provision, securing a new rental flat, buying goods online and viewing your complete financial position across multiple bank accounts have all become easier thanks to third parties taking advantage of the access the regulation gives them to customer bank details to provide new services. Innovation is alive and kicking and motivation to succeed is high.
For banks, initially concerned that PSD2 would allow others to come between them and their customers, the prize comes in keeping themselves at the centre of their customers’ digital banking experience. This will allow them to continue to collect valuable transaction data that will help them cross-sell and up-sell their own products and services.
For merchants and service providers, open banking promises to remove some of the hassle – known as friction – of registering new customers, recognising existing customers and completing purchases. It could also make it easier to make targeted offers and build loyalty.
Meanwhile, fintechs are hoping that the new services they can provide, such as bank-account aggregation, will capture the public’s imagination, helping them create new businesses.
Payments
The sheer variety and success of those already operating in the payments area proves open banking’s value.
Online property portals are developing open banking services that help both landlords and tenants kick off a new tenancy faster and at a lower cost. Traditionally, the first rental payment is often made by debit card, incurring high processing fees. The alternative is to set up a Bacs payment, which can involve visiting a bank branch and filling in forms. The whole process can take up to 10 days to complete.
For landlords and tenants alike, this can be too long and there’s no guarantee that any payment will ultimately go through. Meanwhile, the landlord may have lost alternative tenants. Savvy online property marketplaces will begin using open banking to take immediate payment directly from the renter’s bank accounts by the end of the year.
This approach not only circumvents the high fees but also cuts the amount of time it takes to make that first payment from days to seconds. Down the line, we expect these portals to incorporate identity and credit checks as well as recurring monthly payments into their solutions, removing further areas of friction.
In travel money and investments, there’s also plenty of activity. Caxton, for example, aims to remove the pain points associated with registering for and using a pre-loaded foreign-exchange card. These include high fees, delays in clearing the first payment from the customer’s bank account and the need to log into both bank and forex provider. Like the property portals, forex providers can take immediate payment directly from bank accounts, cutting the cost and closing the time gap from registration to live accounts.
Online investment services are also looking to offer similar services to streamline account setup and moving funds.
In all these areas, open banking is cutting the hassle and increasing automation, helping to bring down costs and improve the customer experience.
The scope of these services can and will be broadened out as open banking payment services take off and the simple use cases are proven. Expect to see recurring and bulk-payment facilities that will take the strain out of volume transactions, as well as services that offer lending on the back of payments.
Data aggregation
Allowing third-party access to bank data will open up the opportunity for far wider data aggregation than previously possible. Until now customer data was held in silos by different companies – banks, merchants and service providers. Post PSD2, those silos can be connected and the data within them pooled and analysed to create a richer customer picture. This can be used to offer new, relevant services and build loyalty.
There are many fintech and banking propositions that allow customers to view all their bank accounts from different providers in one place. At present, what you can do with the service is limited to views of account information. Soon, a more advanced version will allow customers to unlock the value of these services and act on the information – make payments between accounts held at different banks to pay off an overdraft, for example, or sweep money from a zero-interest current account into a savings account. Users will even be able to set up rules-based parameters around events that will automatically trigger money movement, helping them manage their finances better.
Similarly, loyalty programmes are more effective when they know more about a customer. Many are merchant-specific – think Tesco Clubcard or Boots Advantage. When the retailer can see beyond the customer activity within their own store they can make timely and relevant offers to tempt customers away from rivals to spend more with them. It’s no surprise, then, that we’re starting to see loyalty card providers expand the range of what they collect to include bank data.
Identity and verification
When it comes to identity, verification and authentication, cumbersome processes create friction, which is a huge problem. Passwords are the bane of modern life. But PSD2 promises to change all that. Consent to access relevant customer bank details need only be given once so forms for a car loan, for example, could be filled in automatically by the loan provider. This not only improves the customer experience – less paperwork – but because the data is coming from the bank it has already been checked and verified so the loan can be processed quicker too.
As identification and verification services mature and develop, recurring payments and subscription facilities will be added.
Open banking is a new way of accessing financial services. While today’s offers may be limited in their functionality, their providers have clear road maps for further development. Just as with other revolutionary processes and technologies, it will take time to see how far they will go. But open banking’s capacity to reduce friction, risk and cost as well as make processes faster and more efficient means it will undoubtedly become an important part of our everyday lives. It’s over to the innovators.
PSD2 promises a radical change, opening up the strictly regulated financial industry to new players. But Djoeri Timessen, the youngest Bank Director in The Netherlands, at the helm of innovative mobile start-up bunq, wonders whether PSD2 addresses the real issues or is simply a stopgap solution.
The much-anticipated revised Payment Services Directive, or PSD2, came into effect earlier this year. It has been dubbed a game-changing regulation. The monopoly of banks on customer account information and payment services is about to disappear. Banks will no longer only be competing with banks, a prospect that looks like it will drastically change the market and maybe even level the playing field.
The problem, however, with PSD2 is that legislation is inherently always on the back foot, making it an unsuitable driver for innovation. The financial world is in the midst of a data revolution with a landscape that is shifting so rapidly, a directive like PSD2 is already outdated before it comes into effect. Legislation dictating technology means, quite literally, that books are trying to keep up with the internet. PSD2 was created in response to the first PSD and after seeing the effects of this second directive, the process will repeat itself and we'll head straight into PSD3. A few years ago, consumers still relied heavily on branches and internet banking seemed like a futuristic prospect. In 2016, mobile interactions had already grown to account for 56% of customer’s banking engagements in Europe[1]. Nobody can beat the speed of technology.
Of course, legislation can and does bring about positive change in our industry. It wouldn’t have been possible for some of the challenger banks to obtain a financial license to operate without the EU’s progressive regulators. Start-ups would have never been able to expand across the EU in such a rapid pace if it weren’t for the European Economic Area (EEA) passport which allows them to offer financial products and services in another EU member state without needing authorisation in each individual country.
“Banking is necessary, banks are not”
In similar fashion, PSD2 accelerates disruption in a protected market. The ability to engage directly with consumers will no longer be just the advantage of banks but shared with corporates, technology firms, FinTechs, and even retailers. PSD2 is yet another step in the Open Banking revolution, providing new players with an opportunity to plug into traditional institutions and build new services for consumers. As Bill Gates once famously said in the mid-90s: “Banking is necessary; banks are not”.
In turn, this forces bank incumbents to rethink their service offering to stay relevant to a consumer that’s asking for financial services that are faster, personalised, seamless and easily accessible. A highly customer-centric strategy is no longer a unique selling point, it has become a necessity - mostly because of the new directive forcing banks to catch up.
On paper, legislation seems to be working. Yet in reality, it’s still only a stopgap at work. Initiatives like PSD2 force a closed off system to become more open, but they don’t address the root cause: the payments industry is still monopolised by bank incumbents that don’t allow any room for competition. It’s the same pattern we saw after the financial crisis: increased supervision and strict legislation were useful to halt the crisis at the time, but the cause was never addressed.
Conflict between opening up and risks
The problems become clear when we look at how banks are tackling the thorny issue of open banking and APIs, the new directive’s main enablers. Banks have to comply with providing TTPs (third-party providers) access to their customers’ accounts, yet there is an inherent conflict between opening up the system to these smaller parties and the risks they might pose. We only have to look at the Facebook and Cambridge Analytica scandal a few months ago to see how third parties might handle user data and privacy poorly. API standards initiated by legislation appear to be a solution, but are those the most user-friendly and safe? Again, technology will evolve more rapidly than the legislation dictating it.
The opening up of banking data, new technology and changing consumer preferences will all contribute to a more open banking ecosystem. But the only thing that will ever drive innovation in this industry is healthy competition in an equal playing field. In every ‘traditional’ market, disruptors are responsible for seismic shifts: Netflix has kept the TV industry on its toes, Uber revolutionised the transportation business and Amazon set a whole new standard for retail. No matter how many band-aid solutions like PSD2 are put into effect, if the banking landscape itself, beyond the realm of payments and account info, doesn’t make room for new agile players, the real problem isn’t addressed. We need a mindset change from traditional financial institutions, one in which the consumer is put first. The new players are already riding that wave, now it’s time for the rest to follow suit. One thing is for sure: it will be an interesting ride.
[1] https://www.cbinsights.com/research/challenger-bank-strategy/
PSD2 had been previously described as a game changer for the financial industry, that was set to have a substantial impact on how mobile payments are conducted and authorised. Along with the challenges that face the mobile payments industry, there are also sizeable advantages to the new payment services directive that offer increased security for its users and a level playing field for payment providers. Shane Leahy, CEO of Tola Mobile, explains for Finance Monthly.
Since its inception in January 2018, many businesses which already operate within this space have argued that PSD2 hasn’t made an immediate and significant impact within their processes like they thought it would. Having said that, it is clear that PSD2 has bought a whole host of benefits and opportunities for new players to enter the market and produce a strong, customer-centric offering.
Whilst it was initially reported to be disruptive, the new regulation update has allowed for a real opportunity to move out of digital services and into a new era of payment services. PSD2 is helping to standardise and improve payment efficiency across the EU fintech industry, all whilst promoting innovation and competition between banks and new payment service providers.
PSD2 not only encourages the emergence of new payment methods in the market, it also creates a level playing field for new and existing service providers to innovate, create and ultimately give customers increased choice and availability. It puts the customer back in charge and offers a secure protection of data regulations that merchants will have to abide by.
One of the biggest impacts for mobile payment providers has been the imposition of spending limits on the Mobile Phone Network Operators (MNOs). For them, and companies who are operating under the PSD2 exemption, the maximum transaction amount a subscriber can be charged is £240 per month. This is all for voice, SMS, data and third party products either offered and available to the subscriber.
Another impact has been the requirement for a two-factor authentication process on every payment, and the restriction on the ‘billing identifier’ being taken by the payment provider from the network. In this instance, the billing identifier is the mobile phone number, and this has to be provided by the subscriber during the discovery phase of the acquisition of the mobile payment. This aligns the process more closely to credit card payment acquisition. By having a two-factor authentication, a new level of payment authorisation and transparency not previously seen in mobile payments has been discovered. This brings new levels of trust that is more commonly associated with credit cards, but with more ease of use and convenience of using your mobile phone number to make purchases for goods and services.
Some banks within the industry have grasped PSD2 with both hands, including Dutch client bank, RaboBank. RaboBank is creating its own mobile ecosystem around mobile payments with a rich choice of value-added services, as it looks to move its customers from a SIM-based mobile payments model into the cloud - and becomes one of the first banks to tap into what PSD2 allows banks to do.
Recent reports from MobileSquared have seen that ticketing could be one of the biggest industries to be affected by PSD2, with a third of customers in the UK being keen to start using charge to mobile to buy low-value tickets such as bus fares and train tickets. PSD2 opens up the market to a full transformation that will allow big ticket items to be sold using direct carrier billing. This brings a whole host of benefits for ticketing merchants and its customers, that can benefit from a seamless payment system, quicker processing times and easily accessible.
With the continued effects of the new directive set to be felt across the next 24 months, payment providers in the European Union must ensure they are compliant with the regulations of this well anticipated update.
The customer is at the core of PSD2, and banks, merchants and new payment providers will be looking to become completely compliant with the changes to suit a more customer-centric offering. Payments via any IoT devices will become a more popular method for customers and merchants will look to push more mobile payments due to lower processing fees, subsequently empowering the customer even more. As the industry sets to move towards a more open and intelligent banking ecosystem, financial institutions and fintech companies should embrace the impact PSD2 is having and understand that it will continue to have an ongoing significant impact on their offering throughout 2018.
By Mark Jackson, Head of Financial Services, at Collinson Group – a global leader in influencing customer behavior to drive revenue and value for clients.
2018 is set to be a game changer for the relationship between banks and their customers. Driven by the European Commission’s second Payment Service Directive (PSD2), which has now been rolled out across the financial services industry, banks that operate in the EU are now obliged to provide open access to account data and payments, to correctly authorised third parties based on the consumer’s consent. Although not yet mandated within PSD2, the means of providing open access in this way will come from the wide-spread adoption of secure Application Programming Interfaces (APIs).
PSD2 is designed to encourage greater competition and innovation amidst banking and payments across the EU. Combined with Open Banking in the UK – which is the UK Treasury and CMA’s own slant on PSD2 which goes further and faster – PSD2 has the potential to fundamentally change the financial services industry, for customers and service providers alike.
Switching rates amongst current account holders are incredibly low, with just 3% of UK customers shopping around for a better deal[1]. Improved engagement, facilitated by Open Banking, could help banks attract new customers and increase the proportion of people looking to switch.
Some traditional banks have been slow to facilitate use of APIs. However, other banks on the continent are already starting to see opportunities from collaboration with FinTechs and other players in a wider banking and payments ecosystem to improve the customer experience and better integrate themselves into the channels customers want to use more regularly.
One example is Brazil’s Banco Bradesco Facebook app, which allows customers to conduct day-to-day banking via Facebook. Meanwhile, Capital One and Liberty Mutual have capitalised on the popularity of Amazon’s Alexa, enabling customers to check balances and pay bills through the voice-activated personal assistant.
- Provides greater customer choice
Open Banking creates opportunities for banks to share banking and payment data, meaning that customer relationships are essentially ripe for the picking. Any company can compete for customers, from incumbent and retail banks, to fintechs and tech giants such as Google and WeChat. Increasing this consumer choice will shift the balance of power to customers who increasingly demand a smarter, more rewarding digital experience.
Reports suggest that a leading social media company sees its average user spend approximately 50 minutes every day on its platform[2]. In stark comparison, a leading global retail bank spends a mere 54 seconds per day engaging with the typical customer.
Banks must maximise the time given to customers by utilising the wealth of knowledge about them made available by Open Banking. The winners will be those companies that combine payment and banking information with behavioural and lifestyle data to offer new, more personalised services. The resulting experience can help secure customer loyalty and differentiate from competitors.
FinTechs working with the banks can also reap rewards, gaining access to an entirely new customer base. Many of these digital companies are in their infancy, so partnerships with large financial institutions offer scale, scope and opportunity not otherwise achievable.
- Delivers a more rewarding digital experience
In an ever-changing digital world, customers expect an intuitive, user-friendly and flawless banking experience. Faster payment options, such as mobile wallets from technology brands like Apple and Samsung, mean that customers have become accustomed to an experience based on convenience. This represents a paradigm shift in customer expectations for rewarding loyalty. People want everything to be delivered ‘on the go’ via apps on their smartphones and other connected devices, slotting in seamlessly to their busy lives.
However, some banks are still falling short of customer expectation, not investing enough in technology infrastructure, and seeing customer satisfaction drop as a result. With the provision of open APIs, banks can encourage collaboration with innovative, agile third parties to create new customer-centric, digital propositions. Rather than only seeing FinTechs as competitors, banks should look for opportunities to collaborate and integrate with them as an extension of their own service, offering customers a more fluid approach to their finances.
- Improves engagement through personalised offers
Customers are typically choice-rich and time-poor, so offers need to be individually tailored. The last thing they want is to be bombarded with irrelevant offers, or spend hours searching online for offers that suit them. A poorly targeted offer is more likely to drive customers away than increase brand loyalty.
Leveraging the power of mobile and data from open APIs, banks can better understand customer preferences and offer tailored rewards, sent in the right place at the right time – giving the personalised experience customers demand.
In addition to customer loyalty, providing compelling, timely and contextually-relevant offers will enable banks to create new revenue streams by upselling at optimum moments in the customer’s decision-making cycle.
Customer behaviour won’t change overnight. Two thirds of consumers in the UK say they won’t share their financial data with a third party[3], but with better education around the issue, customers will soon see the potential.
Open Banking should be embraced, not feared. This long-awaited shake-up places the customer at the centre of the experience, with a focus on engagement and brand loyalty. It could also serve to retain and grow a bank’s customer base, so long as they engage with them in the right way. Whether or not they are impacted directly by EU regulations, those that embrace the opportunities provided by Open Banking will be able to offer customers a greater choice of personalised offers and rewards, delivered ‘on the go’ via apps.
[1] https://www.gov.uk/government/news/bank-switching-to-be-overhauled
[2] https://thefinancialbrand.com/69877/digital-banks-platform-economy-trneds-open-banking-api-psd2/
[3] https://newsroom.accenture.com/news/accenture-research-finds-lack-of-trust-in-third-party-providers-creates-major-opportunity-for-banks-as-open-banking-set-to-roll-out-across-europe.htm
The financial services industry has changed significantly over the past years, and technology has been at the heart of that change. Heightened competition and rapid progress in disruptive technologies have brought about a paradigm shift in the banking experience which has accelerated in 2018.
Banks that don't invest in technology risk falling behind, as new regulation continues to level the playing field with new innovative players. Last year, many of the banks appealed to the CMA for an extension for the Open Banking initiative[1][1]. A number of banks are reaching the end of their extension period which obliges them to give banking customers more control over their financial data by allowing them to share it with challenger banks and FinTech firms.
The introduction of the open banking initiative across Europe opens the floodgates to competition - as PSD2 balances the scales between banks and digital players, banks are directing resources towards digitally transforming their operations and services.
Lloyds Banking Group recently launched a £3bn investment in a three-year strategy to strengthen its digital capabilities. It aims to slash costs to less than £8bn by 2020 and transform the banking experience for their end-customers.[2][2] The bank is driving capital towards technology and its staff to compete against mounting pressure from other traditional banks, challenger banks and FinTechs.[3][3]
Talent and human capital provide the best value and return on investment for banks looking to diversify their digital offerings. Investment in talent and digital skills goes hand-in-hand with investment in technology solutions to help banks become more fluid and responsive to changing customer behaviours.
In a world where everything is accessible at the click of a button, customer expectations need to be matched by the experiences created by banks. Earlier this year, USB found that online banking has overtaken visiting branches for the first time. The study found 52% of all consumer transactions are now done online, making it the primary method of banking.[4][4]
Bank branches are expensive with most retail bank branches costing banks between 40-60 % of total operating costs.[5][5] The cost savings from a reduced number of branches can be redirected towards investments into creating digital banking experiences that accommodate evolving customer habits.
With introduction of new financial technologies, the way in which people manage their money has shifted dramatically. However, the current potential of the UK financial services industry is restricted by the lack of tech and digital talent available. Firms are spending record amounts, with 85% of business executives allocating up to a quarter of their total budget to digital transformation in 2018.[6][6]
Digital Transformation goes beyond moving traditional banking to a digital world. A digital strategy is no longer limited to the IT department. In the current business environment, it transcends every aspect of a business and drives long-term success. In order to digitally transform, banks need to adopt a digital mindset. This means fostering a culture of innovation. It’s about going beyond the hype of digital trends and the latest buzz words and identifying the business impact on operations and service delivery.
Most banks still run on core systems installed in the 1970s and 1980s.[7][7] These enterprise structure are made up of a patchwork of systems with limited functionality for the current digital landscape. Fintech and challenger banks are not hindered by these systems, and have the agility to keep pace with customer expectations, which means banks are turning their attention to their business critical function and how they can re-engineer it to become more flexible.
Smart banks are taking advantage of cloud-based systems to enable staff to better communicate and interact with customers across multiple channels to accommodate all customers.
Banks definitely need to push forward with their digital strategy, but they must do so wisely, supported by a reliable digital partner. Technology is beginning to encompass all aspects of bank operations. Working with a single-source supplier that integrates digital into the DNA of the bank – from the talent to the technology solutions – is key to adopting a digital mind-set, which will support a bank’s digital transformation journey end-to-end.
[1][1] http://www.cityam.com/277814/five-uk-banks-given-open-banking-deadline-extension-cma
[2][2] https://www.fnlondon.com/articles/lloyds-puts-digital-banking-at-heart-of-three-year-strategy-20180221
[3][3] http://www.bbc.co.uk/news/business-43138764
[4][4] https://www.telegraph.co.uk/business/2018/01/10/digital-banking-overtakes-branch-use-may-fuel-closures-warns/
[5][5] http://www.economist.com/node/21554746
[6][6] http://www.digitaljournal.com/tech-and-science/technology/59-of-businesses-find-their-digital-transformation-falls-flat/article/504386
[7][7] https://www.euromoney.com/article/b143rj4dz3cd92/technology-investments-drive-up-banks-costs
With one in three bank staff now employed in compliance, and financial institutions groaning under the pressure of an ever-increasing regulatory burden, 2018 is set to be the year that RegTech rides to the rescue, stripping out huge cost from banks’ processes.
In the same way that nimble start-ups introduced FinTech to the financial sector, the stage is now set for the same tech-savvy entrepreneurs to apply the latest technology to help tame the regulation beast.
The challenge is even more pressing now, with the arrival of an alphabet soup of blockbuster regulation including GDPR, MiFID II and PSD2, which will stress institutions like never before.
What is RegTech?
Deloitte has set high expectations for RegTech, describing it as the use of technology to provide ‘nimble, configurable, easy to integrate, reliable, secure and cost-effective’ regulatory solutions.
At its heart is the ability of ‘bots’ to automate complex processes and mimic human activity. And RegTech start-ups are already using robotic process automation to translate complex regulation into API code using machine learning and AI.
The holy grail of RegTech, however, is to strip out huge layers of cost and dramatically lower risk by developing and applying complex rules across all business processes in real-time, automating what can otherwise be an expensive and highly labour-intensive job. Simply put, RegTech promises to do the job faster, cheaper and without human error.
Behavioural analytics
Just like its FinTech cousin, RegTech is already being used for a surprisingly wide range of applications, for example banks are using behavioural analytics to monitor employees, looking for unusual behaviour patterns that may be a tell-tale sign of misconduct.
Brexit will also present a golden opportunity for agile RegTech start-ups whose tech solutions can adapt and transform quickly according to the new regulatory landscape, while traditional institutions struggle with the pace of change.
Unlike FinTech however, which has largely been focused on B2C solutions, RegTech start-ups have to work much more closely with traditional financial institutions. That’s because capital markets are a highly complex, regulated area, where institutions are cash-rich and where access to funding is critical if vendors want to disrupt.
Bespoke solutions
Traditional institutions are also more likely to need solutions that are specifically tailored to the challenges they face, rather than the one-size fits many approach developed by FinTechs. For example, they rely on many different data systems, and this torrent of data often makes it difficult to compile reports to deadline for regulators – a perfect challenge for a RegTech start-up.
RegTech could well be the cavalry, riding in to save the investment management industry from the increasing amount of data being produced that financial regulators want access to. A significant amount of this data is unstructured, making it difficult to process, which adds a greater level of complexity. The flow and complexity of this data is only going to increase, and with it the challenge for banks.
Financial institutions are increasingly pulling out all the stops to crunch data and meet the regulator’s next deadline and in this high-pressure environment teams are not necessarily developing the strategic overview needed to streamline their IT architecture in order to reduce operational risk.
Compliance at speed
RegTech promises to automate these processes, making sense of complex interconnected compliance rules at speed, making compliance more cost effective, while reducing the chance of human error.
It also promises to dispense with the current time lag between a period end, the collection of data by the institution and assessment by the regulator – a process that is always backwards looking.
Under the RegTech model, powered by data analytics and AI, information is in real-time and self-correcting to ensure the regulatory process remains dynamic and relevant.
The scale of the advantages promised by RegTech, are such that banks successfully harnessing its power will strip out huge amounts of cost from their processes, which can then be invested in business-critical innovation, giving early adopters a clear competitive advantage over the rest of the market.
-
John Cooke, Managing Director
Black Pepper Software
One in two UK consumers would be happy to share transaction data with third parties if offered a more personalised service, whilst one in three would be happy to use banking services from technology companies, because of the personalisation they offer.
UK Banks that missed last month’s Open Banking deadline are facing up to the end of their extension period. Next week sees HSBC and Nationwide’s deadline to implement compliant payments functionality.
Until now, established financial services providers have been able to rely on large, mostly static customer bases. But once Open Banking gets into full swing, customers will be able to permit third-party access to their accounts and financial data, allowing tech companies to offer direct financial services, and giving increased visibility to consumers.
Open Banking will change the previously rigid rules of the game. It will make the financial services market more transparent, and put new and established providers on an equal footing. While new players will be looking to poach customers by offering them better deals and ultra-personalized service, traditional providers will have to prove that they are making efficient use of the data they already hold, by communicating in an increasingly personalised way.
Under Open Banking, financial institutions will have to adopt customer loyalty solutions in order to stay strategically ahead of competition. Only smart and precise communication could create such a relationship between a bank and its clients.
Pini Yakuel, CEO of relationship marketing platform Optimove, comments: “Banks and financial services providers will have to focus on giving the best possible value to the customer, to stop them switching to their competitors. Offering highly tailored communications will be key to this. Financial services firms will be looking at their existing data to find out what value means to each person, and adapting marketing strategies in an emotionally-intelligent way to make every customer feel special.
“Consumers are likely to see an increasingly personalised experience, as old and new financial companies move to distinguish their brand with promotions and rewards tailored to each individual, like retailers.”
(Source: Optimove)
