Open banking and PSD2 - Secure innovative services via Open API
Ecommerce is now a fact of life.
Whether buying groceries with one click on Amazon or ordering a taxi on your phone with Uber, customers worldwide increasingly rely on the convenience of online services.
In the banking sector, new innovative services based on open data also known as open banking are showing up more and more.
In short, open banking means opening customer account information - accessible via APIs - to third-party providers.
Yes, it's BIG.
New actors will change the traditional banking landscape.
New third-parties like account information service providers (AISPs), can provide consumers with visibility across all their banking accounts via a single app,
Payment initiation service providers (PISPs) can offer consumers an easy means of making direct fund transfers for online transactions.
The bank of tomorrow is the one that not only sees these changes on the horizon but also adapts to this new environment.
Otherwise, customers are more than willing to move on with a financial partner that can provide the services they seek.
According to a recent Thales poll, 38% of those surveyed would leave their bank if another provider offered better services or better rates.
OF CONSUMERS WOULD LEAVE THEIR BANK IF ANOTHER PROVIDER WERE OFFERING BETTER SERVICES OR BETTER RATES
It's a call to action.
Open banking is here.
The revised Payment Service Directive (PSD2) fosters the development of innovative services based on open data in the banking payment landscape.
In particular, it aims to encourage the creation of alternative internet payment methods across all common types of devices (e.g., computers, tablets, and mobile phones) by allowing third-party providers equal access to customer account information and transactional approval.
PSD2 specifies that consumers have the right to use any third-party provider for their online banking services.
As a result, banks are mandated to provide open Application Programming Interfaces or APIs to allow software at one company to access payment account information and payment initiation from another.
PWC forecasts that 71% of Small and medium-sized enterprises and 64% of adults will adopt open banking by 2022. This move is revealing a solid adoption of open banking technology across the financial services sector.
In other words, the move to open banking means removing barriers between competitors as it requires banks to allow their account details and transactions to be shared with third parties through APIs.
Why is open banking a big deal?
Open Banking creates a gigantic shift in the world of banking. It can rebalance the relationship between businesses, financial institutions, and customers.
Open banking and the rise of the digital economy
Open banking is playing a significant role in the rise of the digital economy as it makes payments easier and more transparent.
More data means more opportunities.
Ignoring the future is simply not an option.
Progressive banks are those who embrace innovation and enact measures to open up their data for enhanced banking services.
By working more closely with third-party actors, financial institutions can better prepare themselves for the market changes and proactively identify research and development areas.
Our identity and access management (IAM) solutions allow organisations to meet the evolving needs around cloud applications and mobile devices by enabling secure access to online resources and protecting the digital interactions of employees, partners, and customers with market-leading strong authentication and digital signing products.
Most commonly used PSD2 acronyms.
An Application Programming Interface is a set of subroutine definitions, protocols, and tools for building application software. It defines methods of communication between various software components.
Account Servicing Payment Service Provider, the traditional type of Payment Institution, as banks, with which a PSU
(payment service user) holds one or more accounts and from or to which the PSU issues payments. Every ASPSP must register under PSD2 as a Payment Institution.
An Account Information Service Provider acts as an aggregator of data relating to a PSU’s accounts held across one or many different ASPSPs. AISPs must register under PSD2 as a Payment Institution. AISPs belong to the TPP category of PSPs.
The European Banking Authority is an independent EU Authority that works to ensure effective and consistent prudential regulation and supervision across the European banking sector. Its overall objectives are to maintain financial stability in the EU and safeguard the integrity, efficiency, and orderly functioning of the banking sector.
Payment Initiation Service Providers are granted permission by a payment service user (PSU) to initiate payments on behalf of that PSU.
They do this by establishing a software ‘bridge’ between the merchant's website and the online banking platform of a payer’s bank to initiate payment.
The PISP would typically be made available as a payment option on a merchant’s website. PISPs belong to the TPP category of PSPs.
Payment Service Provider, a general term for providers that offer online services for accepting electronic payments by various methods, including credit/debit cards and real-time transfer. Traditional PSPs such as banks and financial institutions have now been joined by an increasingly large and diverse set of third-party service providers (TPPs).
A Payment Service User is essentially a customer—either an individual or a corporate entity—who has one or more bank accounts.
Regulatory Technical Standards. The European Banking Authority (EBA) has been tasked with specifying ”Regulatory Technical Standards” (RTS) for authentication (Article 98) that define how to implement the security obligations imposed on PSPs. RTS mainly focuses on SCA, exemptions to SCA, and open communications between ASPSPs, PISPs, and AISPs.
Strong Customer Authentication is a procedure based on the use of two or more of the following elements: Knowledge( Something only the user knows, e.g., password, code, personal identification number); Ownership / Possession (Something only the user possesses, e.g., token, smart card, mobile handset); Inherence (Something the user is, e.g., biometric characteristic, such as a fingerprint).
Third-Party Provider, a category of PSPs covering PISPs and AISPs.
More resources on open banking & PSD2
The new PSD2 directive is a fundamental piece of payment legislation in Europe. Learn how to get ready with Thales. Read more
Strong Customer Authentication
Strong Customer Authentication, as defined in PSD2, means that transactions are authenticated using 2‑factor authentication or more. Read more
How to improve user experience?
By evaluating risk and adapting accordingly, banks can offer a targeted approach that strikes the right balance between security and user convenience. Read more
Thales – The PSD2 expert company
PSD2 compliant solutions for your authentication needs
For more information regarding our services and solutions contact one of our sales representatives. We have agents worldwide that are available to help with your digital security needs. Fill out our contact form and one of our representatives will be in touch to discuss how we can assist you.
Please note we do not sell any products nor offer support directly to end users. If you have questions regarding one of our products provided by e.g. your bank or government, then please contact them for advice first.