PSD2 and Open Banking: All you need to Know

This article is written by Trustpair

Flexible payment options, such as credit cards and buy now, pay later have been proven to help businesses improve their conversion rates by as much as 27%. With open banking APIs and PSD2 regulations, businesses can offer more payment options to their customers (and vendors), helping to scale their growth. But that’s not all open banking is good for. In this piece, you’ll learn about the advantages (and risks) associated with open banking’s biggest regulation – PSD2.

PSD2 and open banking: definition and context

PSD2 stands for the second iteration of the Payment Services Directive. It’s a European regulatory guideline tasked with connecting the data from banks to third party providers (fintechs).

The aim of the regulation is to decrease the barrier of entry for new companies to access the financial services market, and ultimately increase the quality and range of finance services for customers.

PSD2 came into force in 2018, after its first version was introduced back in 2007. The initial regulation was introduced to promote a single market for payments in the EU.

But this second version was necessary because of the rise in open banking – consumers’ expectations have evolved as banking accounts and services moved online. As such, PSD2’s core concepts, including AIS and PIS were created to meet these expectations and maintain the integrity of the payments market.

And although it’s mandated in the European market, there’s still a lot that US businesses can provide within the confines of PSD2.

AIS: Account information service

Account Information Services (AIS) enable registered service providers to consolidate and report a user’s data from multiple sources into one dashboard.

A budgeting app like Emma or PocketSmith, which both connect multiple bank accounts to automatically analyze transactions, is a good example of this.

In order to be authorized to access and consolidate this information, third party providers must be registered with their National Competent Authority (which also manages PSD2 compliance). By being approved on this list, AIS’ need to have completed their due diligence and demonstrate that they can adhere to the security standards of the payments regulation.

PIS: Payment initiation service

Payment Initiation Services (PIS) work a bit differently. It enables users to pay for products or services from inside a business app, instead of having to set it up through their bank. This brings the benefits of digital convenience, since the likes of direct debits or bank-to-bank payments are incredibly manual and time-consuming.

In-app payments could vary from gaming purchases to online subscription payments for business products. But what remains the same, every time, is that users benefit from seamless and secure real-time transactions at a low cost.

And, they get full control over their purchases thanks to automatic push payment (APP) notifications. These notifications pop up on the phones of payees as before their money leaves their account, as an extra authorization step.

Having said that, authorized push payment fraud is emerging as a threat. With cellphone users getting constantly pinged by notifications, it’s easy for users to get confused and authorize withdrawals.

This type of mobile payment fraud happened to customers of TalkTalk (a telecoms business), when fraudsters called up the customers and told them to accept the APP for a refund. Instead of funds being deposited into their account, it were withdrawn.

Open banking and APIs: how does it work?

Although Payment Services Directive 2 does not mandate any particular methods or tools (since it’s a directive), APIs are the clear option for implementing open banking services.

API stands for application programming interface. They are like keys – when developers have a platform that they want to link with a bank, they will use the bank’s API to unlock data sources from the bank. Of course, each API works with the highest level of security, ensuring that open banking can be scaled at a low cost.

Here are some examples of the services that work through open banking APIs:

Financial analysis: get instant access to insights into financial wellbeing and investment decision
Cross-currency transfers: make secure international payments with ease
Donations to charities: use online platforms like JustGiving to fundraise
Payments: pay by QR code, app, or a link sent by text
Spending reports: get insights into company expenses and savings suggestions
Investment analysis: see how well your investments are doing, and set parameters to find similar funds

Open Banking: what are the key advantages?

When it comes to the advantages of open banking, we’ll focus on three of the most impactful:

PSD2 standards for security
Greater competition leads to better consumer experiences
Improved financial wellbeing

PSD2 standards for security

The introduction of multi-factor authentication came in with PSD2. This elevates payment security standards with greater internal controls, as it required at least two of the following three verification measures to take place before a transaction could leave the payee’s account:

Knowledge: something the payee knows, such as a password
Inherence: something the payee is, such as a facial recognition scan or fingerprint
Possession: something the payee has, such as a text to a phone code, or link sent to their registered email address

Also known as 2FA, this implementation is an incredibly popular one for businesses – both used to authenticate their customers and administrators. In fact, 64% of companies use MFA to verify customer identities, and 90% to validate their staff users as of Jan 2023.

More competition leads to better customer experiences

Long gone are the days where we all choose a bank as a teenager, and stick with it. In fact, more consumers in the US are reporting their interest in switching banks today, than compared to any point within the last decade.

Open banking is one of the driving forces behind this change, since it’s enabled so much innovation. Now, financial institutions can partner with third parties to offer:

budgeting support
automatic expense filing
quick-fill loan applications
easy subscription management
and more

With open banking accessible across the board, it’s up to the banks and financial institutions to build better customer experiences. Think improved UX design, gamification, and more account features, like savings calculators or investment predictions.

Fueling the competition, this ultimately results in good news for the customer; more convenience, better app navigation and access to innovative products and services.

Improved financial wellbeing

The data that open banking provides can help individual customers and businesses alike. For example, data-driven businesses are 23 times more likely to acquire their customers, and six times more likely to retain them, than institutions that do not use data in their strategies.

By implementing APIs to report on customer interactions, transactions and behavior, users can better understand how customers make purchasing decisions. This leads to higher conversion rates, since businesses can make the right offers at the right time.

For example, banks could send the following offer: “we can see that you’ve been earning above the tax threshold. Would you like to automatically transfer a % of all incoming revenue to a tax savings pot?”.

By providing personalized insights based on data, financial institutions will help their customers to improve their financial wellbeing and become better informed. Likewise, business organizations can pass these data-driven benefits onto their own customers and third parties. For example, leveraging insights into average delivery times and days to payment post-invoice can improve supplier relationships and performance.

Open Banking: what are the key challenges?

Despite the advantages, there are still some risks associated with open banking:

Fraud
Regulatory compliance

Fraud

While multi-factor authentication is the gold standard, still 28% of users who have this installed fall victim to fraud. It’s clear that businesses can’t solely rely on the anti-fraud measures of 2FA, but instead put their own anti-fraud practices into place.

Potential security measures include:

Payment fraud platforms: Trustpair is an example of a payment fraud platform that confidently manages payments across the supply chain. By comparing account and company details against an external global database in real-time, Trustpair prevents payments from leaving our account if any suspicious mismatches are discovered.
Employee training: by informing your workers against the red flags of fraud, you can empower them to spot the signs. Scenario testing helps staff to fill the gaps relating to fraud detection, and can inform your response plans against various types of fraud.

Regulatory compliance

Regulatory compliance is another key concern for the PSD2 guidelines in particular. Under the open banking regulation, both financial institutions and third parties must adhere to specific rules.

For example, ‘Know Your Customer’ checks and suspicious transaction reporting are both required for anti-money laundering compliance. But for a third party with thousands of customers, managing all of the transactions and identifying suspicious patterns could become overwhelming.

In order to comply, these businesses could opt for automated systems that will help them to manage high volumes of data requests without exhausting resources manually. Trustpair is one example of a service-provider in this realm, with the ability to track and validate thousands of vendor account details in only a few minutes.

What’s next for the PSD2?

Soon it’ll be time for PSD2 to move over and make way for PSD3. The third iteration of the EU directive is well on its way, and aims to level the playing field between fintechs and banks, and further harmonize payments across the EU.

The biggest improvements center around enhancing strong customer authentication, and a visible dashboard for users to see exactly what information banks and third parties hold on them. This improved transparency aims to benefit the customer and bring even more confidence about the integrity of open banking.

It’s likely that the final versions of PSD3 will come into play at the end of 2024, or beginning of 2025.

Join our Treasury Community

Treasury Masterminds is a community of professionals working in treasury management or those interested in learning more about various topics related to treasury management, including cash management, foreign exchange management, and payments. To register and connect with Treasury professionals, click [HERE] or fill out the form below to get more information.