
From open banking to Strong Customer Authentication: the 5 main effects of PSD2

In Italy, there are big changes coming in September.

As we’ve written about in previous articles, September 14, 2019 is an important date for the online payment services sector, but also for all Italian and European citizens.

This is the date that the European Directive number 2366/2015, also known as Payment Service Directive 2, or PSD2, will come into force. PSD2 will partially replace the current legislation established by PSD1, introducing important innovations that are destined to have a significant impact on the everyday lives of citizens.

This is inevitable if we consider that many actions that take place on the internet are based on online payment systems or if we consider the growth of home banking and, in general, the whole sector of digital financial services in recent years.

According to statistics reported by the Bank of Italy in mid-2019, it is immediately apparent that the number of users benefiting from home and corporate banking services is constantly increasing. While in 2012 there were about 30 million users of information services and devices, in 2018 the figure almost doubled to more than 55 million. Moreover, the trend that has emerged in recent months is the increased use of digital payments, where there is ample room for growth and, consequently, profitability.

The best known case is, without doubt, the creation of Libra by Facebook, the cryptocurrency created by the social giant to allow payments and money transfers through Calibra, a digital wallet integrated with Facebook Messenger and WhatsApp, with which the user can perform various financial transactions (pay, send, or receive money) directly on the platform, with the same ease with which you send a message. All without commission. Obviously, in this race Facebook is not alone. Other giants, such as Google, Apple, even Samsung and Huawei, have started to move in this direction so as not to miss an opportunity that until now has been little explored, but that also holds much promise.

If, on the one hand, this considerably increases the level of competition, on the other hand it raises some concerns when it comes to security and privacy, which is now more than ever a subject of great interest to all citizens and which, therefore, must be well regulated.

 

A new regulation that changes (almost) everything

It is in a context of great change and renewed attention to the risks associated with cybersecurity that PSD2 comes into force, which promises to be one of the most incisive European Directives of the year.

It should also be noted that the effects of PSD2 will be felt in the two areas the directive addresses, namely internal competition in the European payments market and the safety of users during the control and management of online accounts.

The importance of this Directive is also linked to the fact that its effects will have a concrete impact on individual users, who will see an increase in verification and authentication procedures, and on the banks as well as any authorized Third Parties, who will have to rethink their security systems and their strategic position in the market.

Let’s start by looking at the most visible changes after PSD2 goes into force.

 

1. Competition will increase

This will be the first and most appreciable effect of PSD2. With the directive, the aim of the European legislator was to eliminate the monopoly on the management of online banking accounts by introducing new third-party players who could offer similar services.

In addition, the number of services to be offered by these third parties has also increased, thanks to PSD2. From mid-September onwards, parties other than banks may:

  • carry out payments ordered by the owner of a current account held with another payment service provider;
  • provide consolidated information on one or more payment accounts held by the user with another payment service provider or with more than one payment service provider;
  • in the case of payment service providers issuing debit cards, offer the possibility of receiving confirmation of the availability of funds in response to a request sent online.

This will increase the number of players and, consequently, will increase the competitiveness of the services offered, in terms of both cost and quality.

Moreover, opening the market to new players, mostly from the start-up and fintech sectors, will encourage traditional banks to constantly improve their products, increasingly digital, which will certainly be good for users, who will benefit from more sophisticated services in terms of the customer experience.

 

2. No other intermediary

Another notable benefit, which will be enjoyed by all users, concerns online shopping.

Before the introduction of PSD2, anyone shopping online was forced to go through a two-step process. The selected retailer, once the order was received, had to contact a credit institution within specific payment circuits (such as Visa, for example), which accessed the user’s bank account and authorized the operation.

Directive 2366/2015 eliminates this intermediation, allowing parties other than banks to access the current accounts of users and directly order the required transactions. This not only makes the entire payment process more agile, it also reduces the time and especially the commissions for each operation.

It’s imaginable that PSD2 could lead, in the future, to increasingly complex operations being carried out with a simple click – such as paying bills – or making purchases directly through a social platform (as Facebook has understood before anyone else), thus gradually eliminating the use of credit cards.

 

3. Everything under control

The improvement in customer experience made possible by Directive 2366/2015 also depends on users more efficiently managing their accounts.

Before PSD2, users who had several accounts were “obliged” to manage them separately since the banks’ systems were incompatible. From 14 September 2019 this will no longer be the case. Thanks to this decisive step towards Open Banking and to Account Information Service Provider (AISP) services, it will be possible to view all accounts through a single dashboard, even if they are held at two or more different banks. Users will also be able to use services that analyze their spending behavior on the basis of bank movements and, as a result, find the most competitive offers for services.

This effect is particularly interesting because it encourages competition, giving users more options and providers to choose from.

 

4. Open banking arrives, the counter closes

One effect of PSD2, as highlighted by IlSole24Ore, is that the bank as we know it today is destined to disappear over time.

Traditional credit institutions will also lose this last exclusive element relating to the relationship with the customer, i.e. the monopoly in managing the customer’s financial data. The new European legislation, in fact, “forces” all European banks to open up to other parties and this marks a real change of approach when it comes to managing banking services.

In the Open Banking model, banks, on the one hand, must share all the financial information that was previously available only to them, while on the other, they will be driven to transform into a bank-platform that, alongside the more traditional services, implements innovative and digital services to meet the needs and expectations of customers. This implementation will be made possible through the opening of their APIs, the interfaces that allow different systems to communicate in a simpler and faster way.

In a nutshell, this transformation will also benefit banks because it will increase the synergy between the different parties. It will be “easier” for traditional credit institutions to use start-ups in the fintech sector (and not only) to make the leap in digital innovation necessary to remain competitive, without necessarily having to develop specific in-house tech skills.

In this sense, the revolution is formidable. Banks will abandon the closed and “monolithic” aspect that has always characterized them, to become a more agile structure, in which part of the services offered are redistributed to external subjects able to manage them in a more efficient way. In other words, as stated by Carlo Alberto Carnevale-Maffè, professor of strategy at Sda Bocconi, “The bank is dismantled into functional modules that are reconstructed in a sort of “unbundling” that will create a new pervasive and invisible banking.”

A concrete example, in this sense, is the way in which loans can be requested. The bank will be able to rely on external providers so that the user can authorize the lenders to make a one-off access to their income and expenditures over a given period.

All of this will happen in a more secure way than it does today, thus providing a service that is decidedly convenient for users and more reliable for those who have to grant the loan, since they will be able to base their decision on much more precise and specific information.

 

5. Even more security for users

A fundamental aspect on which Directive 2366/2015 intervenes is the cybersecurity of the Open Banking system that is being created.

Increasing competition and opening the market to other parties is conditional on guaranteeing a high level of security to all individuals. For this reason, PSD2 introduces some particularly important innovations.

One of these is the concept of Dynamic Link, which is an additional security factor. It is based on the generation of random authentication codes, subject to a stringent set of security requirements and based on the validation of disposable passwords, electronic signatures, or other authentication based on encryption.

Specifically, this means that the user, when he wants to carry out any transaction, must authorize it through a unique code associated specifically with that transaction, with those specific features, for the specific amount, and to the specific beneficiary. All of this should help to make any operation carried out remotely, including those on social platforms, more secure.
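One way to bind an authorization code to a specific transaction, shown as an added example that is not part of the original article. PSD2 does not prescribe this construction: the HMAC-SHA256 scheme, the 8-digit truncation, the field names and the sample IBANs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal


def canonical(tx: dict) -> bytes:
    """Length-prefix each field so field boundaries cannot be shifted."""
    amount = format(Decimal(tx["amount"]).quantize(Decimal("0.01")), "f")
    fields = [tx["nonce"], amount, tx["currency"], tx["payee_iban"]]
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def auth_code(user_key: bytes, tx: dict, digits: int = 8) -> str:
    """Code derived from the amount and payee, so it is valid only for them."""
    mac = hmac.new(user_key, canonical(tx), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10**digits).zfill(digits)


class Verifier:
    """Server side: recomputes the code and accepts each nonce only once."""

    def __init__(self, user_key: bytes):
        self._key = user_key
        self._used = set()

    def verify(self, tx: dict, code: str) -> bool:
        if tx["nonce"] in self._used:
            return False  # replay of an already authorised transaction
        if not hmac.compare_digest(auth_code(self._key, tx), code):
            return False  # amount, payee or key does not match the code
        self._used.add(tx["nonce"])
        return True


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed per-user secret (assumption)
    tx = {"nonce": secrets.token_hex(8), "amount": "149.90",
          "currency": "EUR", "payee_iban": "IT00X0000000000000000000001"}  # constructed
    code = auth_code(key, tx)
    server = Verifier(key)
    return {
        "changed_payee": server.verify({**tx, "payee_iban": "IT00X0000000000000000000002"}, code),
        "changed_amount": server.verify({**tx, "amount": "1499.00"}, code),
        "original": server.verify(tx, code),
        "replay": server.verify(tx, code),
    }
```

A code approved for one payee and amount is rejected when either field is altered in transit, and rejected again if the same transaction is resubmitted.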

Another novelty is the replacement of the current 3DS with 3DS 2.0, the new authentication standard for digital payments, made mandatory by PSD2. This new version will include the use of biometric elements, so as to reduce the risk of fraud while improving the consumer experience, abandoning landing pages such as those used to perpetrate phishing operations.

Another novelty is the introduction of the SCA, or Strong Customer Authentication, which Article 4 of the Directive defines as “[…] an authentication based on the use of two or more elements, classified in the categories of knowledge (something that only the user knows), possession (something that only the user possesses), and relevancy (something that characterises the user), which are independent, since the violation of one does not compromise the reliability of others, and which is designed in such a way as to protect the confidentiality of authentication data […]”.

In concrete terms, this means that those who provide online payment services will have to review the authentication processes by providing for a multi-step authorization phase. Therefore, protection systems based simply on the request for username and password will no longer be sufficient; the user will be required to authenticate himself using information that only he knows, objects that only he possesses, or elements that distinguish him. Many have already begun to explain this transformation to their customers.

An interesting solution was offered by Poste Italiane, who explained how to safely carry out all online operations, in accordance with the PSD2 Directive, through an interactive video tutorial sent to customers, which is structured in phases.

In this way, the user can start the video and, at the end of each phase, choose between two options. The narrative of the video is built, step by step, based on the choices of the user, who feels involved and not just a passive user of the content.

All of this has been possible thanks to Poste Italiane’s collaboration with Doxee, which has been successfully working alongside various companies to create interactive video content, providing all the best solutions to build a quality customer experience and, at the same time, more effective communication.

 
