Open API and open banking – 7 product ideas

The countdown to the great revolution on the financial market is underway. Banks are facing a massive change that is going to transform the entire banking and payment market. What does the implementation of the PSD2 Directive mean for the sector? What requirements does it introduce and how is it going to impact everyday lives of Europeans?

The new law aims at regulating the wild landscape of financial services in Europe, while also bringing about some elementary changes in the existing law, being an amendment to the existing PSD Directive of 2011. Apart from introducing the XS2A (Access to Accounts) requirement for banks and new categories of entities: ASPSP (Account Servicing Payment Service Provider), PISP (Payment Initiation Service Provider) and AISP (Account Information Service Provider), the new directive sets forth a structure and rules concerning all the players on the market. Technical guidelines for banks and other companies that are willing to be open according to the principles of the Directive will be presented in the RTS (Regulatory Technical Standards) document, the final version of which will be made available this year.

The principles of PSD2


Openness

The Directive obligates the banks to open their data and to enable external units and service providers to connect to their customers’ accounts. The openness of data will greatly increase the number of its uses.

Transparency and clarity

Before making a payment, the customer will have to be clearly informed about all the details and costs to be incurred. All business entities need to be transparent with regards to certificates, the data obtained and its protection.

Trust

Every change with regards to the details of a transaction will have to be confirmed and accepted. The dynamic connections described in the PSD2 Directive mean that the authentication process needs to be tied to a single transaction, and if any detail (such as the amount concerned) changes, the transaction needs to be authorised again.

Security

The Directive requires strong authentication for the majority of transactions and access to the account. All exceptions concern verification using different methods and are clearly defined in the RTS. In practice, two out of three security conditions will always have to be met (such as a token and a password, iris scan and PIN, etc.) in order to enable access to the account.
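The two rules above (an authentication tied to a single transaction's details, and at least two of the three factor categories) can be checked together, as in this added example, which is not code from the Directive, the RTS or any bank. The HMAC-SHA256 construction, the key, the field names and the category label `inherence` for "something the user is" are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo secret; stands in for a per-customer key held by the bank.
DEMO_KEY = b"constructed-demo-key-not-for-production"
# Factor categories: something the user knows, has, or is.
CATEGORIES = {"knowledge", "possession", "inherence"}


def auth_code(key: bytes, tx: dict) -> str:
    """Authentication code tied to one transaction's id, amount and payee."""
    # Canonical JSON avoids ambiguity between fields (e.g. a payee containing '|').
    bound = {k: tx[k] for k in ("tx_id", "amount_cents", "currency", "payee")}
    msg = json.dumps(bound, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sca_satisfied(verified: list) -> bool:
    """True when verified (category, method) pairs span at least two categories."""
    return len({cat for cat, _ in verified if cat in CATEGORIES}) >= 2


def authorise(key: bytes, tx: dict, code: str, verified: list) -> str:
    """Decide on a payment: two factor categories AND a code matching tx details."""
    if not sca_satisfied(verified):
        return "rejected: fewer than two factor categories"
    if not hmac.compare_digest(auth_code(key, tx), code):
        return "rejected: code does not match transaction details"
    return "authorised"


def demo() -> dict:
    """Run the constructed scenarios and return each decision."""
    tx = {"tx_id": "demo-0001", "amount_cents": 2500, "currency": "EUR",
          "payee": "PL00 CONSTRUCTED IBAN"}
    code = auth_code(DEMO_KEY, tx)               # customer approves 25.00 EUR
    two = [("possession", "token"), ("knowledge", "password")]
    same = [("knowledge", "password"), ("knowledge", "PIN")]  # one category twice
    changed = dict(tx, amount_cents=250000)      # amount altered after approval
    return {
        "original": authorise(DEMO_KEY, tx, code, two),
        "amount_changed": authorise(DEMO_KEY, changed, code, two),
        "single_category": authorise(DEMO_KEY, tx, code, same),
    }


if __name__ == "__main__":
    print(demo())
```

A password plus a PIN is rejected because both belong to the knowledge category, and the code approved for 25.00 EUR no longer verifies once the amount changes, so the customer has to authorise again.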

Privacy

The PSD2 Directive pays great attention to the issue of personalised security authorisations. Users’ trust and assurance are the priorities of the Directive, especially in light of the General Data Protection Regulation Directive enacted in 2016, which enters into force in May 2018 and organises the existing laws, ensuring the rights of EU citizens to manage access to their personal data. GDPR also provides central guidelines for legislation in the Member States.

Consumer protection

The Directive imposes some restrictive rules regarding customer authentication in order to ensure full security of electronic transactions, as well as personal data of the parties involved. The RTS contain a number of tips and guidelines regarding ensuring the security of these processes and making sure that the authentication process does not impact the quality of customer service. The Directive also allows for a number of exceptions from the stringent authentication requirements, further described in the RTS.


The above-mentioned priorities, together with the RTS technical guidelines, create a fast track for new financial products. There will be more of them and they will become more and more advanced, along with the registration of new PISP and AISP entities and the growing number of various APIs tasked with sharing, fetching and processing financial data of banks’ customers.


The world of open APIs


In light of this change, we can already predict some of the consequences which are awaiting us as a result of the implementation of the PSD2 Directive. Its authors believe that the European market helps set worldwide standards, contributing to the development of the new trend of distributed economy. We decided to highlight 7 key groups of products and services that will appear in Europeans’ everyday lives after 2018.

  1. Services from FinTech sector providers

    These companies have been long collaborating with banks, developing the existing solutions and creating new engaging customer experiences in the world of finance. In the future, they might provide multi-currency accounts, security based on augmented reality, automatic loans, factoring for small enterprises and freelancers, as well as services for automating and managing payments. Thanks to the opportunity for the start-ups to manage account information (AISP) and financial services, the future seems to be bright for them, with unending possibilities and opportunities. Thanks to the Directive, we will receive a set of standards for authenticating our transactions, which creates a transparent and secure commercial potential, allowing FinTech companies to develop new services for us.

  2. Superbanks

    Using financial services and managing payments will take place on an external portal that may evolve towards becoming an aggregator of financial products and services provided by a number of financial institutions. Thanks to a functional and attractive interface, the service will present consolidated services and multi-faceted analysis of their finances to its users. This, of course, carries the risk for the banks that the customers will lose touch with them, but it will also be an opportunity to present new data, such as loans, savings and mortgages. New investment or loan portals may appear, and so may new solutions dedicated to a variety of market niches, for example small enterprises. A superbank may also gather information pertaining to the entire transaction history of the consumer and access the analysis of the customer’s spending in their lifetime or during their studies. It is also worth thinking about the role of ATMs in the future landscape without brick and mortar branches. They will still be present, but they will be also able to provide access to new products and their role will be greatly expanded, allowing them to become automated, virtual “clerks” or even turn into “mini-banks”.

  3. Accounting service providers (AISP) and account parks

    We may expect the emergence of new service providers, who create new and innovative solutions for managing identity, based on accounts, transactions and historical data of their customers. The legislators decided to follow the example of the United Kingdom, which set new standards with regards to public service solutions and insurance products. The aggregators in the UK led to a total transformation of the market, since they allowed the customers to directly compare insurance policies. Today, the price is the leading factor in purchasing a given service, and this is not going to change in the future, when the PSD2 Directive enters into force.

  4. Risk management as a service

    Even today, new solutions which automate risk management are created. The Directive will provide access to new data, thus enabling the creation of new solutions monitoring and managing various risk aspects. They will allow the financial institutions to provide better advice, while ensuring their customers’ comfort.

  5. New authentication methods

    The SCA (Strong Customer Authentication) requirements, described in the Directive, will increase the security of all transactions by implementing three-factor authentication of the customer. All these factors will authenticate the user independently of each other, in the sense that a breach of one of them will not lower the confidence in the remaining two. At least two of these factors need to be fulfilled in order for the authentication to be accepted. These factors are: knowledge (something that only the user knows, e.g. password), possession (something that only the user has, e.g. smartphone token), and customer features (something that only the user is, e.g. their unique fingerprint). New companies will emerge, based on the AaaS model (Authentication as a Service), that will specialise in software solutions, manufacturing authenticating tokens and smart cards for business, as well as iris scanners, voice recognition and analysis software, protection of authentication data and digital identity confirmations.

  6. Payment aggregators

    Along with the development of new payment models, similar to PayU and Przelewy 24 services, new players will emerge, providing access to payment services (PISP). Giants such as Amazon and Google are already preparing to enter the financial market. Social media networks, such as Facebook, are also aiming to become payment service providers. This might be an interesting impulse for the development of such services, especially given the open API policy implemented by Mark Zuckerberg’s company.

  7. New payment models

    These days, a single mobile payment channel offers us a number of payment models, such as payment by SMS, NFC and P2P. A number of virtual stores and chains keep looking for alternatives to payment cards. Thanks to the PSD2 Directive, these entities may now become PISPs, giving them the opportunity to provide that much-needed added value: improving customer experience, lowering risk and prices. Understanding the benefits stemming from providing access to data, VISA made their Visa Checkout API available in order to facilitate PayPal and Square payments. This all leads to a mobile channel that will become the most basic connection between the financial services and their user. Technologies such as NFC are set to develop further. A smartphone will be equipped with additional functions, thanks to which their users will soon forget about the primary use of their devices. Mobile payments will slowly push out cheques, then cards, and finally cash.

Banking 4.0 is a fact


Mobile wallets and smart payment systems are technologies that are currently in use. Soon our virtual advisor, based on AI technology, will know a lot about us thanks to knowing how we deal with our money. They will be able to tell us how much we have and how much debt we are in, what products we buy, when the next salary will come, what expenses we are going to have and how our shopping will impact the monthly budget.

The most important aspect of it all is knowledge and trust – banks will get to know their customers, and the customers will trust their banks. Only then will the system, the development of which is stimulated by new EU law, become commonplace.

Financial institutions need to start thinking about the people and individuals, focusing on social sensitivity. These days, banks are rarely considered to be institutions that are actively serving their customers in social media. Therefore, this industry will have to go a long way towards new customer service standards, which the customers already know from other sectors and industries.

The future of the banking sector is all about change, wrote Brett King, a famous financial expert, in his “Bank 3.0” book. The key to generating new products and financial services is their contextual nature, and contexts tend to change, just like channels and their users. Only by staying on top of the changes will the companies (including banks) be able to successfully participate in the race to get their customers.
Business strategies need to be shaped based on dialogue. Soon, the products on the financial market will be shaped mostly by their users. A modern organisation set on development should take care of their digital competencies and develop cloud-based technologies. Today, API is becoming a gate between the bank and the rest of the world. But the final goal here is that there should be no gate in the future.