Banks begin the countdown to the application of PSD2

January 13, 2018 is a date that many finance executives have already marked in red on their calendars. That day will mark the entry into force of the first phase of the second EU Payment Services Directive (PSD2), which replaces the 2007 version. Although EU directives don’t tend to create much excitement, PSD2 will not only revolutionize Europe’s financial sector, it will bring new and better opportunities for consumers, which is its principal goal.

PSD2 changes the rules of the game, as it will require banks to give other companies access to their payment services and to the online bank account data of consenting customers, provided that the competent national authorities have authorized those companies to operate. The directive will boost financial innovation, by providing new competitive tools. Consumers, on the other hand, will benefit from increased competition, along with safe, faster, more agile services throughout the EU, a single financial services market.

The implications of PSD2 for the financial sector were widely discussed during the recent PSD2Day conference, organized by training company iKN. During the event, experts in finance and IT solutions – the technical and technological challenge of PSD2 is substantial – shared their insights in a climate of moderate optimism, despite the many questions that still need to be answered.

In principle, PSD2 sounds like bad news for incumbent financial institutions, as it will require them to collaborate and support new fintech entrants that aim to take away some of the banks’ business. However, the context helps: PSD2 arrives at a time when many banks are in the midst of the paradigm shift, as they continue increasing their focus on software and smart processing of data.

“Today, banks have a global vision of data, and this opens new business prospects for us. We can choose to become much more than just banks, by offering, for example, payments-related services,” said Tina Peris, Head of Cards and Fraud Management at Bankia. “Banks have been preparing for this change for a long time,” said José Ferreras, Head of Digital Payments at BBVA Spain: “From a strictly business perspective, I understand that some people may be even more worried about it, such as card issuers.”

Ferreras went over the key innovations that consumers will soon be able to enjoy. “Consumers will no longer need a plastic card linked to their online accounts, or be required to store card details and CVVs anywhere, or memorize their IBAN number.. And stores will also benefit, because intermediaries will be eliminated,” such as credit cards, along with their corresponding fees, he said.

This change in the rules of the game will cause banks to start moving towards a “platform model, where they will offer financial services, but will also need to build an ecosystem around it,” said Mario Robledo, of the technology company Indra. “Thanks to the power of data, they will be able to offer personalized advisory services to their customers.”

In this pristine landscape, with new players, new payment methods and more connected devices, the finance sector will have to take its cybersecurity policies to the next level: “It’s a challenge,” said Peris, who admitted to being “somewhat concerned, as the current system is very safe.” For that reason, the PSD2 directive establishes a new financial authentication framework, aimed at increasing security when accessing electronic financial services.

The security bar for digital payments is currently set very high, and to keep it there, or even raise it, the financial sector is betting on APIs (Application Programming Interfaces). “They are an unbeatable platform to guarantee security, and are also agile and fast,” said Rufino Honorato, CTO for Spain and Portugal with software company CA Technologies.

Many of the participants agreed that one of the key challenges for the industry, is striking the right balance between operational security and user experience.  Safeguarding digital security is essential, but it needs to be achieved without hindering consumers’ activity.

The technical specifications for PSD2 security and authentication protocols are still being discussed, and will take months to arrive, but nothing will stop the PSD2 directive from being applied: this winter, Europeans will begin to change the way they pay.