The FinTech world is buzzing about PSD2. Should banks be worried?
European banks are finally realizing the magnitude of the revised Directive on Payment Services (PSD2), which will force them to provide account information to third parties via Application Programming Interfaces (APIs) that cut out transaction intermediaries.
PSD2 aims to:
- standardize and make interoperable card, online and mobile payments
- reduce entry barriers for card & online payments
- align charging and steering practices across the EU
- regulate emerging payment services
With this revised directive, existing (forward-thinking) banking players and newcomers will suddenly be able to gather account information from multiple banks in a single app. This is a big deal because banks could potentially degenerate into mere “dumb pipes” unless they leverage their brands, client bases and compliance experience to become the aggregators of choice.
What impacts will PSD2 have on the competitive dynamics of retail banking?
PSD2 will open the banks’ doors to new competitors - both FIs and non-FIs. This will put much more pressure on existing banks to keep the ownership of their existing customers via their digital channels, both online and mobile.
By letting any authorized Third Party Provider (TPP) access customer banking data and payment services, competition from non-FIs is practically assured and the use of existing digital channels won't be the only way to bank anymore.
Are the banks reacting appropriately? Could widespread uptake of account aggregation undermine customer loyalty?
Basically the banks have to decide: “Are we going to eat or be eaten?”
PSD2 represents a lucrative opportunity for new entrants to capture banks' existing customers. If the user experience within these newcomers’ digital channels is even slightly better than that of the bank, users will only rely on a bank based on the API services they can provide to the user's preferred mobile banking app (which has probably already been built by a TPP).
How would you advise retail banks to communicate the security of account aggregation?
Since banks will be the owners of the APIs which need to be built under PSD2 standards even for the provision of minimum required services, security is unlikely to be the issue of highest concern for banks, given the fact that they must follow and comply with the high security standards that they are used to anyway. Compliance and security is where banks have the upper hand when it comes to PSD2. For FinTechs it's a different story.
Does PSD2 pose any risks for FinTech providers?
In the rush to anticipate this updated directive, FinTech companies might overlook the security issues that are a mandatory requirement for banks under PSD2, as I just mentioned. Badly managed, the API economy could result in security gaps, and a consequent consumer backlash against FinTechs.
To sum up about PSD2, banks should see APIs as an opportunity to differentiate their value-added services against competitors. If Bank X is able to offer more value through an open API, they position themselves as the preferred banking partner for all these new non-FIs (FinTech) competitors that will arise.
Banks will no longer be the only provider of financial customer experiences, so they need to make sure others can offer all their banking services in an efficient and secure way.