Happy birthday, PSD2, now you are celebrating your first birthday and you have become law. Over the years, many people have discussed and argued about what exactly you should become and how you can be implemented. For the German market, PSD2 contains few innovations in terms of content, as we have a long lived Open banking tradition in banking since BTX. On Payment and Banking we have already reported here.
So what has happened since September 2019? Has the banking market really and lastingly changed? Are payments finally as secure as Fort Knox? Have banks discovered APIs for themselves as an important component? Has open banking been fired or slowed down by and with PSD2? Have new products, service providers and real innovations emerged?
PSD2 was controversially discussed and evaluated – what has remained?
Expectations on the one hand and concerns on the other were high, depending on the actors involved. They ranged from prophecies of doom that banks would become superfluous, to speculation about excessive costs on the part of the banks, to arguments that PSD2 could mutate into a conversion killer for eCommerce.
How did the team experience the first year with PSD2 and what do we expect for the future? At the moment there are rumours that Brussels is already thinking about a PSD3.
So say the members of the Payment & Banking Team:
Frankly, I’m pretty disappointed with what has been done operationally with the PSD2, both by banks and Fintechs. If only half of the energy that was put into counter-lobbying had gone into product strategy around openbanking, we would now find significantly more use cases for customers and more than a handful of banks with exemplary APIs/API monetization strategies. Many Fintech visions have also shattered. Openbanking is unfortunately still not a real reality in the masses and many pre-PSD2 use cases are still very problematic in use since PSD2. An additional jolt for openbanking with new use cases in the masses has unfortunately failed to materialize and many Fintech growth plans remained on the status of Powerpoint slides.
I also find the handling of the 2FA around PSD2 very disappointing. After the introduction of PSD2 it was a catastrophe and even brought PSD2 as a no-go in comedy shows. Until today I still lack a continuous and product-spanning Ident / Authentication strategy. This chance of PSD2 for Ident was missed by all players in my opinion and in the end the American is doing the business again, keyword Fido-Alliance… Here again: It’s a pity, PSD2 well thought out but unfortunately badly implemented by the whole ecosystem.
But is that really a surprise? Remember the PSD1: it was supposed to be a single payment area in Europe. What came quickly in Giral payment transactions with IBAN is still not the case in the card business. Even in 2020, every European country is playing with a different form of debit card and all pan-European debit initiatives have failed miserably. At the same time, however, there are loud calls for more European sovereignty in payment. For PSD1, too, the motto was: well thought out but badly done. Will this change for a PSD3 if it has already failed twice with PSD1 and PSD2?
You can say: the first baby hype is over, the “Baby Shower Parties” are celebrated. Now you have to deal with reality, change your daily routine and make sure that “the baby is doing well”. This means: fine-tuning business models, keeping the mindset alive (“openness is good – don’t hide in the silo again”) and anchoring the “technology first” idea centrally in the organization.
“The first baby hype is over, the baby shower parties are celebrated. Now you have to deal with reality.”
The PSD2 has to bear the “clash with reality” and adapt “on a small scale” and ask itself: Have the goals really been achieved, for example in SCA protection? Did the customer really want to be protected – or is convenience not rather the driver). Does the customer understand when third parties access the account and does he even want that? It is a process that is going in the right direction. But we must hope that the child does not have to turn 18.
Admittedly, I looked forward to the deadline of 14.09.2019 with quite some concern at the time. Lobbyists from both camps (banks and Fintechs) had previously spent a long and hard time trying to figure out what access to account data would look like from autumn 2019 – unfortunately, customer/market requirements were behind their own agenda.
The scepticism then became even greater when the banks made their test environments available to third-party service providers on 14.03.2019 and said in unison: “We’re done!“. As someone who has taken care of the integration of the new interfaces from the very beginning, these words sounded to me like they came from another world and did not bode well. The next milestone, i.e. the provision of a productive environment by 14.06.2020, also showed that a lot of things were not yet working and obviously a lot of work was still necessary on the part of the providers.
Following the good German tradition “Deadline beats content”, the dismantling/conversion of systems such as FinTS, which had been functioning well for many years, was started immediately. A scenario in which the old ways no longer work and the new PSD2 rails do not yet work became more likely. The first positive surprise actually came on the deadline 14.09. – the complete chaos when accessing bank data did not happen!
However, not much of the hoped-for positive innovations and the support of many new Open Banking Use Cases by PSD2 was visible at the start. Rather, it was the little things that gave cause for hope – the flocks of advisors/lobbyists had thinned out, now the constructive work at the specialist level began, any errors/problems were eliminated and the exchange between the parties involved got underway. On the occasion of the first anniversary, it can be stated that various banks and providers have now implemented the new APIs in a practical manner and that the new APIs of most banks are of good quality within the defined scope.
However, the current scope of PSD2 is not sufficient to really fire new business models on a grand scale. This can be expanded within the framework of a PSD3 or achieved through other API initiatives (keyword Premium APIs) as well as a meaningful coexistence of the old and new world. If future developments draw the right conclusions from the problems of the past, the advantages and opportunities will also be available in the real world. In this sense, I hope for a further development that promotes mixed instead of monocultures.
Good things come to those who wait. After all the back-and-forth discussions about the pros and cons, all the hawking and chanting of certain actors, it would have been a real surprise if the directive had now fulfilled all our expectations and – to stay true to the image – could run independently after just one year. The idea of using the PSD2 directive to create secure and transparent payment transactions is a good one, and instead of lamenting what is not working, we should first be more pleased that the great chaos has not occurred.
But while human children are constantly getting up and practicing, practicing, practicing until they can walk on their own, more drivers who believe in the project, question and adapt are needed in the implementation of the directive. As in so many things, Europe is getting entangled in “small small” again, it (still) lacks the power to implement the process stringently. Unfortunately, I don’t see anyone at the moment who would recommend himself as a pioneer in this topic and thus as a guide. What a pity, because our industry can do so much so much better.
We are still in the middle and not at the end of an ongoing development. However, the child PSD2 does have potential for development and it seems that the last year has been used to solve serious problems. The fact that exciting international fundings and developments around open banking providers are currently taking place also shows the potential of the topic. We will continue to accompany it and will also soon be making a podcast with PSD2 players and will once again shed more light on the topic.