PSD2 XS2A - Mobile Data Transfer Done Right

Posted on September 15, 2015 by Nevlynn Janssen

PSD2 XS2A Mobile Data Transfer Done RightNot so long ago, an informal agreement has been made between the European lawmakers concerning a revised Payment Services Directive, also known as PSD2. The agreement finally came about after a tri-party discussion between the Council of Ministers, the European Parliament, and the Commission. The final text was published on June 2nd, after all the technical work has been completed. In perspective, these developments form a foundation for the most discussed PSD2 part’s execution – Access to Account or XS2A.

The Council still has to approve the final text. After this, the European Parliament will have a voting on it, while the Council will finally adapt it sometime in September 2015, supposedly.

Even though principal security matters concerning XS2A are worded in quite conceptual terms, the ‘third party access’ will be featured in one way or another. Thus, it’s up to London’s own European Banking Authority (EBA) to evolve their Regulatory Technical Standards, or RTS, which will become the basis for market agents, such as banks and third parties, to implement XS2A.

What we want to state here is that PSD2 XS2A isn’t simply another ‘regulation’ that only requires a compliance and operational approach. This solution could be considered an enhancer for modern banks’ technological disruption by innovative and flexible service suppliers that not only aim the chain of payment value, but also each separate piece of the universal model of banking. Hackers only get younger and brighter and their innovations of revenue extraction are far more advanced, than ever before in the history of cybercrimes. In particular, this digital transformation development will ultimately remake the banking sector as people know it right now, so everyone will have to adapt their businesses as well as their operation models.


 Enabling Secure Mobility to gain a competitive edge white paper offer



APIs for Banking Executives as a Means of Digital Transformation Acceleration

The draft regulatory technical standards on security along with the PSD2, communication and authentication are going to be developed by the EBA. As a result of Application Programing Interfaces (APIs) discussion, this will allow third parties to access accounts. APIs are expected to permit all Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs) to effectively and securely connect to Account Servicing Payment Service Providers (ASPSP).

APIs have already been around for a while. In the past ten years, APIs have become a necessity for data share. They have enabled various organizations holding immense data amounts to become a fundament for third party innovative ideas. Such large platforms as Facebook, Google, and Twitter offer APIs to third parties, for example for sending messages or for login. Speaking of the payment niche, PayPal has become a pioneer in external APIs since 2010, which resulted in the growth and success of an entire new ecosystem.

Getting back to our topic, when external APIs are intensified through PSD2, they’re growing up to the range of a pan-European business topic among bankers. These APIs will allow customers to have more options of interactions with their banks, in contrast to regular mobile and online banking apps. In other words, APIs driven by XS2A will “break all hell loose” (that is account and associated data) through re- and disintermediation by Third Party Providers (TPPs).

However, the directive isn’t just about payments. Account data is also in scope, allowing big data business models for TPPs and banks. In addition, lending might integrate in live commerce transactions and offer a wide range of opportunities as a result of better management and better risk assessment. This is the reason why the directive has affects banking frontline so much and is considered by decision makers a top management priority in both commercial and retail banks.

The bottom line here is that this isn’t just a new regulation that only demands an operational and compliance handling. Banking top management has several quite challenging years in terms vision, execution abilities, and decision making ahead of them. In the end, XS2A is quickening the digital transformation trend in banking, which results in further unbundling of the universal model of banking. And in these times, when everything seems so confused and out of step, while top managers strive to make the right decision, Onegini is here to make sure that the data transferred between mobile apps and APIs is completely secure, both for banks and other market niches as well.

Topics: Security, Digital Marketing

White paper: Digital Transformation Insurance Companies