As we approach the January 2018 go-live date for the revised Payments Services Directive (PSD2), market players are reacting in different ways to one of the key pillars of the directive – the opening up of customer bank account data to third-party payments services providers (TPPs).
There has already been much debate on this issue between the fintech lobby and the European Banking Federation (EBF). The disagreement focused on the authentication and security issues related to allowing authorised TPPs to access data through 'direct access', also referred to as 'screen scraping'. Under PSD2, banks in the EU will be obliged to enable 'access to accounts', by making customer bank account data available to application programme interfaces (APIs) – subject to the account-holder's approval.
Swiss bankers say no to open banking
The Swiss Bankers Association (SBA), however, has rejected regulation that would open up access rights to third parties. It stated: “A one-sided opening of access rights for third parties as required within the EU under PSD2 is an experiment at the expense of bank customers that creates dangerous confusion and undermines the customer’s data security”. It gave the following reasons in its statement:
- In Switzerland, regulation analogous to PSD2 is unnecessary because there is no action required in this area, competition is functioning effectively and the banks already (irrespective of PSD2) offer a large number of innovative solutions. A regulatory obligation to open interfaces would be an unnecessary intervention in what is a functioning market and would result in competitive distortion to the disadvantage of the banks.
- The issue of customer data security plays a key role in electronic banking. The highest level of security can only be guaranteed if customers and banks cooperate. A forced opening by the state is dangerous because bank-specific security principles are not fully addressed and this creates security gaps.
- Additional efforts and costs would arise for financial institutions in the areas of security infrastructure and compliance, which in the end would have to be paid for by the customer.
HSBC gets ahead of open-banking bandwagon
But some major global banks are currently testing their own open-banking applications. HSBC has developed its own open-banking platform, which allows customers to see all their accounts on one screen, even those held with other banks. Customers will be able to add up to 21 different banks to their app, including Santander, Lloyds and Barclays and will be able to configure it to show balances for mortgages, loans and saving accounts, as well as current/deposit accounts. The service is expected to go live for all customers in early 2018.
This initiative positions the bank in the competitive fintech landscape, which many industry commentators have said could pose a threat to the traditional banks as fintechs develop innovative customer services based on APIs. HSBC's Raman Bhatia commented that the new services would provide 'joined-up banking' for customers. Bhatia said: “What sets us apart is that we have millions of customers, which provides a unique insight into how we can continue to improve our digital banking offering.”
What security threats will we face under PSD2?
A look at three key security threats that could pose a risk when European banks begin to allow access to accounts from third party providers under PSD2
Fintech investment doubles globally to $8.4 billion
Investment in fintech companies has doubled in the past quarter to $8.4 billion globally, with 293 deals, according to KPMG's latest Pulse of Fintech quarterly report
Surviving and managing the new corporate banking
Can you cope with the ‘disruption to transformation’ trend that Celent predicts for corporate banking?