PSD2: Risks, uncertainties and opportunities

The European Commission’s revised Directive on Payment Services (PSD2) promises to fundamentally transform the payments landscape and, in the process, forever alter the relationship between banks and their customers.

At its core, the legislation is designed to increase innovation and competition in payments. It means banks will need to open up access to their data to third party payment providers (TPPs). PSD2 imposes tighter rules on authentication, consumer protection and security. It also expands the reach of the law to transactions with third countries where only one payment service provider (PSP) is in an EEA country.

The industry has until early 2018 to implement, but how are banks responding to the looming changes?

Risks and uncertainties

“There is no doubt that for incumbent banks PSD2 presents a number of challenges both strategic and operational,” argues a new report from Finextra.

There will need to be considerable planning around the change to so-called ‘one-leg-out’ transactions. Under the existing PSD1 schedule, transactions were exempt when one party was outside the EEA or the currency was non-EEA. But under PSD2, all transactions need to be compliant. Every bank will need to make sure their leg of the transaction complies with the rules.

But the biggest change is around access to accounts, which Finextra says is a “paradigm shift for banks in the payments business”. Undoubtedly it will mean a major rethink not only from a technical point of view, but also as it affects their relationship with customers.

PSD2 relies on the fact that banks are trusted keepers of customer data. Banks continue to hold that key responsibility, but with fewer of the privileges that used to come with it. Those privileges will now need to be fought for.

Banks will also need to come to terms with open APIs, which may not be all that easy given the prevalence of legacy systems. Moreover, there are tighter security and authentication demands that need to be grappled with.

But these are manageable concerns – what may be a bigger problem in the interim is the lack of clarity over certain aspects of PSD2.

For example, the EBA has yet to specify whether there will be a single API standard or whether individual countries can develop their own.

Another major worry is the gap between standards being available and needing to be implemented. The draft form of the technical standards will not be available for consultation until the end of 2016 and are unlikely to be finalised for 18 months after that.

So we could easily have a gap of six months between PSD2 being implemented and the technical ‘access to accounts’ standards being available.

This is also a risk from a competitive point of view. Banks want to get moving on PSD2 now but don’t have all the information. First movers could get caught out if they don’t build flexibility into their strategies. Nevertheless, there seems to be consensus that the time to start working on PSD2 is now.


“PSD2 also presents opportunities not just for new entrants but for traditional banks as well, and since it is now an inevitability, the only option is to seek to capitalise on them,” says the report.

There are clearly big opportunities for challenger banks who are unencumbered by legacy systems. But there is also plenty of scope for the big banks to take advantage of this legislation if they embrace it.

Italian digital bank CheBanca! general manager Roberto Ferrari told the Finextra team: “We believe in open access and open banking and we see a good opportunity here to play as an account information service provider or even a payment initiation service provider.”

In other words, bank ‘A’ could be a TPP accessing customer data from a rival institution to deliver a service or carry out a payment. Those that build the products and services that customers like will thrive.

And some are well underway. Open APIs are nothing new, PSD2 just makes them a must-have. France’s Credit Agricole and Dutch bank ING were among some of the early pioneers on this front.

But not all banks are ready. Partly this is down to mindset – most banks don’t like to see themselves as middlemen or agents facilitating customers to use any product or service they choose from other banks or providers.

This attitude will need to change if banks are to really benefit from PSD2 rather than simply see it as a threat. We can expect a level playing field before too long and this can only be good for competition in the marketplace.

Written by Andy Brown

Andy Brown

Andy is marketing director for payments at NCR. He has nearly 30 years' experience in e-payment systems from the delivery and support of systems in the Far East and Europe, from both the product management and marketing perspectives. Based in the UK, Andy is responsible for marketing NCR payment solutions.

Read more articles from Andy Brown