It’s fair to say that over the years banking has changed and we live in an era of digital and open banking. Banking has become even more digital than it already was. Money transfer just means moving bytes across a communications network. That has been the case since we had digital transactions. The change of course is in the way that consumers, but also business customers, have access to that money.
In the beginning we were forced to go to a branch office to withdraw or transfer money. Then the first ATMs were introduced (devices we still use today) and the evolution of digital banking evolution started. Fast forward a decade or two. Digital transformation is in full swing. Nowadays, we have an app on our mobile device that allows us to do almost anything we would like to do: transfer money, check your account balance and even split a bill between your friends. Now we are getting even more possibilities, so we could call it digital imagination.
Have you ever heard of PSD2?
PSD2 is a piece of legislation that came into play, about 8 months ago. PSD2 is a successor to PSD1 and aims to create safer and more innovative European payments. According to the European Parliament, “the new rules will protect consumers better when making payments, promote the development and use of innovative online and mobile payments and make European payment services safer”. A lofty goal, I think you agree. And that makes it possible for third parties to access your banking data. What’s the benefit? Well you can give a third party to access your account data such as balance, payments, et cetera. They can develop truly innovative applications, using the data you provide. But you're always in control! It’s good to realize that PSD2 is bigger than just this element, but for this blog I would like to focus on the access to banking data.
A big thing
This is a big thing. Banking data is supposedly worth its weight in gold. Because it largely details your life. You can map your activities based on the payments you make. Recently I filled the gas tank at the gas station, got groceries and went out to dinner. It provides insight into your (spending) habits. Banks know the value of the data and have been keen to use this data commercially. In the Netherlands, plans to do this have been shelved quickly after a backlash from the public.
Are banks happy with PSD2?
Yes and no. Banks generally dislike things they have to do. Like any normal person if you have to do something, you probably won’t like it. As your mother said: eat your greens! That wasn’t something you like. Nonetheless, that opens opportunities to perhaps gain a little bit more share of wallet. But it’s a double-edged sword. Because it’s a level playing field for existing banks and so-called fintech companies. PwC has a nice report on the global fintech landscape.
Let's consider the case of a consumer who has multiple bank accounts at three separate banks and is now able to aggregate the information in one app. Let's say the banks are called X, Y and Z. The consumer has the choice, in which banking app (X, Y or Z), he would like to see information about his financial situation from all the three banks. But fintech company A could also develop a great app that you could use. PSD2 is not only for traditional banks! Isn't that great? I think it is. For those of you who are not interested in sharing the information: it’s up to you to make the decision. If you don’t want to share, you don’t share. Without your explicit consent no data is shared, and you can revoke the access at any time.
Making it possible
How do you manage to open that source of information and start the digital transformation? The solution from a technical perspective is of course: an API. With APIs you can easily open your banking information to third parties in a way that’s also secure. Perhaps you should turn it around and say that security is a key element, just like the user’s consent (management). The API is the mechanism to make that work.
However, there are of course some challenges. Not all banks have the same back-end systems. In a sense, that is not so much a problem. We have technology like the Enterprise Service Bus that allows mediation and transformation to access the data. If APIs are already used to retrieve data, it’s even easier. But banks have freedom in the way they open the data. There are multiple standards regarding PSD2, such as Open Banking UK and The Berlin Group. Regarding the implementation of the PSD2 legislation, we have several standards that describe at a high level how to do it. Some of these standards are very exact and will determine, and will define almost to the individual resource, what it should look like. Others are more global, more high level, and will describe in broad terms, the way you should open your APIs.
Banks are not forced to use these standards. If they have reasons to not use them and instead make use of their own standards in order to create APIs, it’s their prerogative. They can certainly do that and it’s actually one of the issues that we currently see with PSD2. I’m skipping many of the technical details of PSD2, such as the security aspects which are key to the uptake of these new kinds of services. PSD2 will not fly without proper and adequate security!
API Management to the rescue
Luckily, there are solutions to this. The WSO2 API Manager can certainly do this, just like WSO2’s Open Banking solution. APIs are not rocket science, that’s one of the reasons why they are so popular. I‘m very curious to see what kind of great apps are going to be developed by both banks and fintech companies that will benefit us all.