Under PSD2, banks and other account-holding institutions in the EU are required to provide APIs for licensed external services providers: so-called Third Party Providers. After obtaining their license, these TPPs can use the APIs to offer a range of payment and information services; from consumer apps that provide an overview of all your different bank accounts in a single place to software that helps e-commerce websites facilitate direct payments.
The directive distinguishes between two types of TPPs: AISPs (which provide account information services) and PISPs (which initiate payments). Different licenses will be given out to reflect the nature of the activity. Existing businesses can also get a TPP license, so that payment and information services can be taken in-house. Potential new TPPs include:
PSD2 offers interesting opportunities for businesses: integrated payment and information services, whether in-house or provided by an external TPP, can improve the customer experience and provide access to a wealth of customer information and insights.
At the same time, PSD2 brings a number of technical challenges for banks and TPPs. In most cases, existing IT infrastructure will need to be changed to facilitate TPP access. Moreover, PSD2 also includes strict security and authentication requirements, which must be implemented across all access points. You can read all about what you need to become PSD2 compliant in our in-depth article.
PSD2 will present unique opportunities and challenges depending on your business situation. We have outlined the implications of PSD2 for Third Party Providers and for insurance companies in two dedicated articles.
PSD2 was created to promote a more integrated and competitive financial services market in the EU while protecting and strengthening consumer rights. Traditionally, financial and payment services were mostly offered by banks and related institutions, leading to a relatively closed-off market. This directive opens up the market, allowing easier access for existing businesses as well as fintech companies who can provide agile and innovative payment services for consumers and businesses alike.
The directive is nicknamed PSD2 because it is a follow-up of the original Payment Services Directive of 2007. It came into effect in January 2018, and all companies must comply with the national laws and regulations pertaining to PSD2 by September 2019. The original PSD provided a legal foundation to improve the ease, efficiency and security of cross-border payments within the EU. It was instrumental to the implementation of the Single European Payments Area (SEPA), lowered the barrier to entry for payment institutions, and offered consumers increased freedom of choice in the payment solutions they wished to use.
In 2013, the European Commission proposed a review of PSD due to innovations in the payment services market, which were unaccounted for in the existing regulations. Moreover, the Commission noted that the application of the rules from the original directive tended to vary across member states. PSD2 serves to lay down updated ground rules for new players on the payment services market as well as update the definitions of the regulations set out in PSD to smooth out any differences between the member states.
Onegini Connect is a flexible, white-label CIAM solution with strong authentication and security features. On top of that, the platform facilitates a seamless customer experience. TPPs and insurance providers can use Onegini Connect to implement banking-grade, PSD2-compliant security while offering customers the frictionless user experience they are looking for. That way, Onegini Connect gives businesses a competitive advantage while ensuring that their technology is PSD2 and GDPR-compliant at all times.
To learn how Onegini can help you with becoming PSD2 compliant, read the KuppingerCole analysis. You can download this report via the form below.