There has been quite a lot of excited commentary about how PSD2 will revolutionize the banking industry, so I thought it was worth a bit of analysis to see what the actual outcome is likely to be.
What is it
PSD2 is an EU directive aimed at:
- Forcing open APIs on the payments industry to open up competition, including the ability to deliver cross-border direct debit
- Increasing security of payments/banking by mandating ‘strong authentication’ based on multiple factors
- Better transparency on charges for payments
What are people saying it will mean
A number of commentators are crediting PSD2 with opening up the EU banking market to much more competition from non-banks and between banks. The theory is that these new entrants will use the exposed APIs to create new and exciting services that will take market share away from banks.
Some of the comments about its likely impact are getting quite excitable:
For banks, PSD2 poses substantial economical challenges. IT costs are expected to increase due to new security requirements and the opening of APIs. In addition, 9 percent of retail payments revenues are predicted to be lost to PISP services by 2020. And, as non-banks take over the customer interaction, banks may find it increasingly difficult to differentiate themselves in the market for offering loans. – [https://www.evry.com/en/news/articles/psd2-the-directive-that-will-change-banking-as-we-know-it/]
The main difference will be that we won’t need wallets anymore (eg: Paypal, PingIt) but we’ll simply ask Whatsapp to connect to our bank account and use our fingerprint to accept a payment request from the colleague next door. No need to open 3 different apps, fiddle with 20+ digit long IBAN codes and double check at the cubicle if the payment arrived alright. – [https://www.finextra.com/blogposting/12668/psd2---what-changes]
By breaking from the current banking monopoly, the payment services market will benefit from increased innovation and free-market competition. This, in turn, means that at a minimum, banks will need to reorganize their IT infrastructure and, most likely, will need to refocus part of their business model. For the banking industry, the new payment services established under the PSD 2 is having a tsunami-like effect. For a long time, the industry had been fighting to avoid this evolution by arguing that such changes would cost a lot of money and would increase security risks. – [https://letstalkpayments.com/the-impact-of-psd-2-explained/]
What will it really do
Let’s test the ideas in turn.
Change the way people pay away from VISA/Mastercard/Amex towards direct debit
PSD2 will enable any merchant or PSP to start allowing direct debits as a payment option. This is already a reality in some European countries (e.g. iDEAL in the Netherlands). PSD2 will certainly make it easier to allow such an offering.
- The addition of ‘Strong Authentication’ (which many cards don’t do today) could cause issues in consumers’ minds - the ‘new’ stuff will look like it’s harder.
- What’s the benefit to consumers? PSD2 also prohibits card surcharges - so why would someone change their behaviour?
- The authentication scheme looks like it will involve the bank - which will make this a harder payment flow than current payments
A lot will come down to ease of use, but just because something can be done doesn’t mean consumers will change their behaviour!
One theory goes that consumers will be able to go to a site (think Money Supermarket), log in and see all their accounts in one place and potentially be told ‘better’ accounts so they are more likely to switch.
This does look possible in PSD2, but I’m not sure it will be that revolutionary:
- Compare it to Electric/Gas, where this is possible: still, the vast majority of consumers rarely, if ever, switch. People are really not that interested in their finances.
- Items like Mortgages anchor people to banks. It is extremely non-trivial to move a mortgage, and most people don’t unless there is a massive saving.
- The current technical standards for PSD2 don’t appear to lend themselves to a ‘running service’ for this stuff. If I could register all my banks and get notified when a better deal appears, that would be great. But PSD2:
  - Does not mandate account discovery APIs
  - Does mandate ‘short sessions’ and 2FA via each bank, meaning that background services are going to be very difficult
So there will be an effect, but I’m not sure it will be that revolutionary. Those who already shopped round for financial products will be able to do it more easily; those who can’t be bothered still won’t be bothered.
Mandating multi-factor authentication in PSD2 should increase overall security. However, it also goes with opening up APIs, so on balance I suspect the security effect will be neutral. It’s probably worth explaining that:
- Multi-Factor will reduce risk of many classes of hacking attacks on banks
- Sharing data by APIs will increase the number of organisations who have to get security right to keep your bank data safe
In theory all the organisations involved will be regulated, but regulation does not guarantee security, and if you have a bigger attack surface you probably have more issues. There is not, and never will be, such a thing as a totally secure IT system - so if you have more systems you are less secure.
PSD2 is going to be a big deal - lots of banks will implement open APIs and strong authentication, and be transparent on charges. However, I’m not sure it’s going to be enough to drive massive increases in competition. If we compare to other markets which are ‘open’, such as Electric/Gas, even 30 years after the market was first opened up, many consumers cannot be bothered to switch. If I had a service that I could sign up to that auto-switched my Bank, Electric and Gas based on what’s cheapest, that would be really useful. However, such a service is not enabled by the PSD2 proposals. Direct payments could be big, but I fail to see what will motivate a consumer to choose that over the VISA card they already have (especially with the ban on surcharges).