PSD2: What to expect in 2018?
Interview with Adrian Năstase, Asseco SEE Sales Manager
June 21, 2017
The interview was originally published in eFinance/the “Piaţa Financiară” magazine in Romanian and is provided below in full.
Q: 2018 looks like it will be the year when retail banking starts to transform quickly after the entry into force of the PSD2 Directive. Basically, banks will lose their “monopoly” over the information related to customer accounts, and payment services will take a new turn. It practically opens the door to those who want to take pieces of the lion’s share from the banks. How could such a massive, unforeseen competition be prevented?
It is difficult to estimate such a thing, but it’s certain that the dynamics will become more intense in this area. We expect new global players to appear but, at the same time, this can be an opportunity for existing banks to develop and aggregate different functionalities, thus leading to eventual gains.
Q: Basically, PSD2 will allow retail and corporate customers of the banks to use third-party services to manage their finances. We cannot exclude the possibility, in the future, to pay our bills via Facebook or Google, to make P2P transfers and to take advantage of the analysis of personal expenditure while at the same time keeping our money safe, in bank accounts. Third parties will be able to offer financial services using the data and the infrastructure of the banks. How should such potential threats be seen by credit institutions?
Such services and threats also exist now. However, what PSD2 brings new to the table is a framework where the access to these services is granted in a controlled manner, both by the bank by means of security mechanisms, as well as by the customer who needs to provide his consent so that the information can be accessed with the help of a third party. However, banking services remain with the respective bank, they are not modified. With respect to security, the authentication or authorization of a transaction is performed by observing the mechanisms imposed by the bank, also ensuring the traceability of the user’s actions. From a retail customer’s perspective, this benefit would be a global, centralized view of the products he owns from several banks. For the corporate area, the situation is complex, because banks have to take into account specific requirements such as the users’ rights or multiple signatures for payment authorizations.
Q: Among expected changes, there are new requirements to strengthen the authentication of bank customers, including – the assistance for the authentication using two elements for the most popular types of payment, but also the need to supply operating interfaces for the so-called third party providers. Such providers can be payment initiation service providers (PISP), account information service providers (AISP) or any combination of such third parties. A PISP will initiate payments, while an AISP will provide an access to the information from the bank account. Will these be local, regional or continental players?
It will certainly be a mix. I think the role of banks but also the role of technology providers to educate and inform users correctly concerning these electronic services is very important. This depends directly on the degree of the acceptance and the appetite of the Romanian users. From the analysis of the statistics available up till now, there is a huge potential for growth in this area. It is also expected that global players (Apple, Google, Facebook) will have a very important word to say concerning the direction in which these services will evolve.
Q: In the case of banks, we might assume that, due to the stricter security requirements imposed by the new Directive and due to API interfaces becoming more open, the expenditure of credit institutions will rise. Moreover, it is believed that 9% of the revenues generated by payments in the retail sector will be lost in favor of future PISPs.
Taking into account the future of an ever more competitive market, banks will have to adapt their strategy. However, the security requirements are necessary in the actual context, when more and more advanced and personalized cyberattacks affect a certain bank or even certain customers. In these cases, the reputational risk must be diminished, and the measures that were adopted are beneficial to the Romanian market. With respect to revenues, it must be said that banks continue to be the main player and that it is not a matter of replacing the services offered by the banks. However, their capacity to compensate for possible decreases in certain areas with the opportunity of generating new revenues, which I think is possible, depends on banks’ strategy.
Q: The entry into force of the PSD2 Directive in 8 months will force banks to make strategic decisions, depending on the subsequent evolution of the payment ecosystem. How local or European do you think the financial markets will stay? How might customers react: will they remain loyal to traditional banks or will they trust fintech startups for making payments?
Indeed, banks that will react fast and adapt to the new requirements will notice gains. Witnessing the evolution and globalization of the financial markets, we can say that, from the customers’ point of view, the difference is no longer made between a local and the European market. When choosing banking services, they opt for trustworthiness as the differentiating factor, and probably the most important one. However, it is certain that traditional banking will change. What remains to be seen in the upcoming period is how we can ensure greater safety and provide added value to the customer services.
Q: Will the PSD2 unify the European financial services market? Currently, less than 3% of the customers from European countries have purchased banking products from another EU country. Do you think this will change in the future?
The answer is definitely yes. There will be less and less obstacles in the path of a single European market, and this seems to be the direction we are heading in.
Q: Disruptors, unknown competitors, Fintech companies are these players who will shake the current European payment system to its core. Can banks transform such entities from competitors into their partners?
There are currently such successful partnerships and I believe that in the new context imposed by the PSD2 directive things will develop in this direction. Obviously, Fintech companies will try to come up with a new approach for electronic payment services and emphasis will be placed on the added value of the respective service. Partnership or competition, the end user will profit from this, the emphasis is placed now on satisfying the customer’s needs.
For more information on PSD2 requirements and solutions, please visit How To Meet New Strong Customer Authentication Requirements Under PSD2.