In a roundtable discussion held Wednesday in London hosted by digital payments firm PPRO, industry leaders met to explore the impact PSD2 has imposed on key players in Open Banking and the changes needed to achieve the regulation’s objective in 2020 and beyond.
Ralf Ohlhausen, executive advisor and European TPP Association vice-chairman, commences the discussion on the topic of the current market position; “It’s fair to say the UK is far ahead in terms of API development for Open Banking being used in the market, which is a real head start.”
Despite this, regulatory fragmentation, implementation delays and a lack of consumer understanding is resulting in a lack of demand – a vital force for spurring incumbents to streamline processes and ensure regulatory deadlines are met.
On the issue of Strong Customer Authentication (SCA) and the complex task of balancing customer expectation with security, Ohlhausen comments that “in the absence of better technologies we are putting the burden back on to the consumer. We can’t just increase security by making customers do more.
“We need to find a way to avoid two factor authentication (2FA) which still complies with regulation as SCA is just too cumbersome. There are methods to achieve this and if we want to be able to provide the ‘Uber’ experience we need to look to solutions such as behavioural biometrics.”
Demonstrating how cumbersome the SCA process can be for consumers, Ohlhausen points to the ongoing disadvantage between the payment initiation and the card world whereby making payments -particularly to countries outside of the UK- can require multiple, separate, 2FA steps to be made by the consumer.
Further, Third Party Providers (TPPs) who provide their platform in to countries which do not yet function through APIs must operate through an original interface which requires yet another SCA.
The rise of Technical Service Providers (TSPs) sitting as a middle layer between regulatory bodies and the deliverers of Open Banking products and services is illustrative of the need to manage this incongruence.
When questioned as to whether the growth of TSPs should be attributed to the lack of clarity surrounding PSD2 regulation, Jack Wilson, head of policy and regulatory affairs, Truelayer, says “these firms are seen as being enablers of Open Banking in the UK. While there may be an effort towards standardisation in the UK in light of Open Banking standards, OB standards have been implemented differently within and outside of the UK.
“If you’re a fintech who specialises in just providing a specific service, you don’t want to be maintaining connections into millions of API endpoints or screen-scraping.”
Turning to Payment Initiation Service Providers (PISPS), James Booth, VP of EMEA, PPRO comments: “there is a huge hole in the market for PISP services and that’s because launching such a service is a huge undertaking.
“You need demand on both the side of the merchant and the side of the consumer. In a market that’s becoming more and more fragmented it’s becoming harder and harder to launch a PISP service.”
On the PISP front, Ohlhausen states that developing this capability “is the closest to rocket science I’ve ever come across, as it has to be both frictionless and it has to be secure. To achieve these two elements without a contract with a bank is very difficult.”
Despite faster payment services in the UK, these payments are still not universally instant, and to find a way to mitigate the risk that initiated payments will not be executed is the ‘rocket science’ Ohlhausen alludes to.
For PISPs to minimise this risk regarding payment mitigation, ample data must be pulled from the consumer payment history so that a provider can make a judgment about whether the payment will or will not succeed.
“The problem with PSD2 in this circumstance is that it isn’t prescribing the banks to provide all of this data through their APIs. There is no recognition of the fact that a PISP needs as much data as the Account Information Service Provider and that’s where we’re lacking a lot of functionality” argues Ohlhausen.
Tom Catchpole, Open Banking lead, Account Technologies, explains that the current way Account Technologies mitigates its risk is through a ‘synthetic overdraft’ product which sits to the side of a customer account.
If the company judges that a customer will go over their unauthorised overdraft funds are injected into their account and the account holder is charged an interest fee for the service. This is an expensive way to mitigate risk, Catchpole contends, with Account Technologies spending between £3 million and £4 million annually across their customer base.
Catchpole continues, “if however, we could remove this fee and push the saving to the customer, we could charge them around half the fee we currently charge. PISPs are a solution that we could see ourselves using to remove this risk-minimising process, but at this stage we’re not willing explore it until we have a contract with the banks.”
Consumer trust also remains a central component for every player in working towards Open Banking. From the financial institution through to third party provider relationship and potential suppliers in-between -be they PISPs or AISPs-, there is a necessity to build and maintain consumer trust which will act as a catalyst for building competition.
Olhlausen argues that while authority bodies and governments may have good intentions, their execution around generating and developing consumer trust constitutes a form of scaremongering: “they are asking the wrong questions.
“Rather than asking: are you happy to share your data? They need to be asking whether consumers wish to have access to products or services. And if they do, whether these providers can have access to their data to make the desired purchase possible in real-time.”
Wilson counters that while certain governments have made an effort toward educating the public to build understanding and trust, it is for the TPPs who have the customer relationship to nurture this trust in the hope of working toward a market which is more open to data sharing.
On the topic of data credential sharing, Ohlhausen continues: “If banks were not forced by regulation to deliver APIs then we would not have them available. Even so, it’s naïve to think that APIs will be the dominating tool for data pulling in the future.
“What we need is to incentivise players to allow direct access to accounts through credential sharing which in the absence of APIs will be the key enabler for data sharing. Banks need to stop the witchhunt and demonising of data sharing because they’re shooting themselves in the foot – it will be the only way to access Big Tech data and achieve reciprocity in this environment.”