Open banking is quickly becoming a significant driver of disruption, with the potential to reshape the banking industry. It would enable customers, financial institutions, and third-party service providers to network accounts and data through institutions. While this can bring in significant benefits, users also face the possibility of serious threats as more of their data is exchanged globally.
What is Open Banking?
The practice of providing open access to financial data from financial institutions through the use of Application Programming Interfaces (APIs) is what is referred to as “open banking”. Third-party service providers, usually tech startups or online financial services providers, are granted access and control over the bank’s customers’ personal and financial data. Once customers grant permission for such access, third-party providers APIs can then use the customer’s shared data (and data about the customer’s financial counterparties).
Benefit or risk?
Open banking, which relies on networks rather than centralisation, will assist financial services consumers in safely sharing their financial data with other financial institutions. However, open banking APIs are not without security risks, such as the potential for data breaches caused by inadequate encryption, malware, or insider attacks, which have become increasingly prevalent in the recent age, including at financial institutions.
The significance of PSD2 arises here.
The Payment Service Providers Directive (PSD) regulates electronic payment services and seeks to contribute to the development of a single payment market in the European Union to promote innovation, competition and efficiency in the EU.
The revised Payment Services Directive (PSD2) went into effect across the UK and Europe in 2018. It is intended to boost innovation in the banking sector and help banking services adjust to new technologies and make payments more secure in Europe.
PSD2 introduces new rights for certain third-party providers to directly access payment service users’ online payment accounts with their explicit consent. It also requires Account Servicing Payment Service Providers (ASPSPs), such as a bank, to permit access through a dedicated interface built on APIs. These measures are designed to open up the banking industry to new players and promote the development and use of innovative online services while ensuring consumer protection.
PSD2 regulates and harmonises two types of services that were already in existence when the first PSD was adopted in 2007, but which have become more popular in recent years: the Payment Initiation Services (PIS) which help to initiate a payment from the consumer’s account to the merchant’s account by creating an interface to bridge both accounts; and Account Information Services (AIS) which include the collection and storage of information from a customer’s different bank accounts in a single place. Meanwhile, Payment Initiation Services (PIS), another significant change in PSD2, is the implementation of additional security standards known as Strong Customer Authentication (SCA).
While open banking inspires innovation, its risks can be mitigated by PSD2. There’s no denying that open banking seeks to empower innovators, and could therefore transform the banking industry.