Even before the high-profile hacks, leaks and data scandals that have been plastered across headlines in recent months, 2018 was set to be a banner year for data security and privacy concerns – particularly in Europe. January 2018 was the deadline for EEA members to transpose the Second Payments Directive (PSD2) into national law, signalling the start of what could be a major shift in the European banking landscape. In May, the General Data Protection Regulation (GDPR) becomes enforceable – putting in place stringent new regulations on how entities can process and handle consumer data. As the push for open banking and data security intensifies, understanding the impact these new initiatives have on payments is essential not only for European firms, but for parties around the world.
Increasing competition, bolstering authentication requirements
At its core, PSD2 is an effort to increase competition through the promotion of open banking. The Directive mandates that banks open access to consumer data to third parties (subject to consumer consent). By authorising newly regulated third party groups to initiate payments and access consumer financial data via API systems, regulators hope to infuse competition and promote innovation. Payment initiation in particular could pose a disintermediation threat to card networks, as third party payment providers look to leverage their new access to accounts.
Opening account access to new entities increases security and privacy risks. PSD2 responds to these risks in part through the addition of new authentication requirements under what is known as Strong Customer Authentication (SCA). SCA enforces two factor authentication procedures in order to help safeguard consumer data and combat growing online fraud. Consumer protections and security will be further augmented in May when GDPR takes effect, wielding stark penalties for those that fail to adequately secure and justify their use of data.
Disruption and partnerships
The API driven future that PSD2 heralds offers significant potential for both old and new players in the payments space. The potential for disruption of established players is a real concern, as newcomers gain access to data and payment initiation capabilities. Despite these risks, opportunities for partnerships and innovation are available to both traditional banks as well as their fintech challengers. Several forward-thinking banks have already invested resources in building API marketplaces for financial services. Other approaches, which view fintechs as potential collaborators, can lead to fruitful partnerships that leverage the knowledge and expertise of the established financial sector and the nimble and innovative capabilities of fintechs.
Interest in mobilising and monetising financial data through open banking techniques is not a fad. Similar pushes are underway or finding support in countries around the world. The successes and failures of Europe’s efforts to balance security, competition and consumer access through regulatory actions will likely play an outsized role in informing the way that non-European companies and governments handle these issues in the years to come.