Four Driving Principles to Guide your PSD2 Solution
The revised Directive on Payment Services (PSD2) is the latest in a series of legislation by the EU to enable modern, efficient and inexpensive payment services and to enhance protection for European consumers and businesses. A main thrust of the new PSD2 requirements is providing third parties with access to customer accounts for account information and payment initiation services provided the consumer provides consent. As a result, the overall ecosystem is likely to undergo changes, significantly altering the competitive landscape for banks.
In this context, banks should think offensively, not defensively: PSD2 is an opportunity for value creation and growth. Banks strategic options are plentiful if they think more broadly than just achieving compliance to PSD2. Through different collaboration models, banks can offer advanced payment and account information services, expand to services in other areas of banking and explicitly expand their service portfolio beyond traditional banking – all of which can lead to differentiation and new sources of revenue.
To lay the foundation for innovation in a post-PSD2 hyper-competitive world, banks should ensure their PSD2 solutions adhere to four principles:
- Open APIs: Open APIs are fundamental to the creation of “business mash-ups” and hence crucially important in implementing new business models. Open APIs need to be at the heart of the solution.
- Agility: Legacy technology platforms make it exceptionally difficult to create the requisite pace of change. API programs are likely to struggle without enabling components in place to resolve this issue. The PSD2 solution should help to enable the needed agility.
- Open innovation: The ability to engage with a diverse ecosystem of partners, developers and third-party providers (TPPs) is important to rapidly innovate around products and services. The solution needs to enable banks to manage an open Innovation ecosystem.
- Security: Keeping customer data secure is fundamental to instilling confidence in users and also protecting the banks from legal and liability issues. The solution should incorporate the needed security, including DDos protection, end-to-end encryption, two-way secure digital trust and explicit customer consent compliant with EBA RTS
Banks have the opportunity to turn a PSD2 regulatory compliance investment into business differentiation. The strategy they choose, and the solution they deploy, will determine whether that business opportunity comes to fruition. These four principles will help ensure banks are advancing in the right direction.