GDPR, PSD2 & Open banking: Protecting the consumer with innovations in banking and payments

New times bring new rules. In the payments industry, these rules are distributed across various regulations that each company or institution must strictly follow. Challenging regulations such as GDPR and PSD2 will certainly put fintechs and financial institutions through many hoops but will ultimately help them prevent fraud and thus protect consumers.

Open Banking

The second Payment Services Directive (PSD2) is part of a global trend in payments regulation emphasizing security, innovation, and market competition. It seeks to further harmonize the payments market in the EU, make electronic payments and remote account access more secure, and enhance consumer protection. It also requires banks to give other qualified payment-service providers (PSPs) access to consumer account data and the ability to initiate payments.

The phrase ‘Open Banking’, used as a pseudonym for the Directive, refers to a system that provides a user with a network of financial institutions’ data through application programming interfaces (APIs). The Open Banking Standard defines how financial data should be created, shared and accessed. Benefits include transferring funds more easily and comparing product offerings to create a banking experience that best meets each user’s needs in the most cost-effective way.

Retail banking has faced a number of disruptive threats in the past, but each time the traditional banks have adapted and grown stronger.

Neil Tomlinson, Head of UK Banking

However, it hasn’t been very well communicated to the public, so people could be put off by not being well informed.

Open innovation

With PSD2, more regulation was created, in part to stimulate the required innovation, which must itself be compliant. Third-party payment service providers are thereby invited to compete by creating innovative solutions.

Currently, the payment environment is seeing many new players and a range of innovative and tailored services being offered to consumers, the prime beneficiaries of these changes. Some banks are choosing to build up in-house innovation teams to ensure an advantage. Others are opening up APIs to welcome external innovation. One particularly interesting star on the rise is the payment app Swish, which is currently the top fintech app in Sweden, built by a consortium of Nordic financial institutions. Their collaboration created a payment product that is now rivaling Swedish payment unicorns such as Klarna and iZettle.

Non-bank fintech companies are also using this opportunity, seizing an increasing share of the financial services market and creating new markets through innovation.

Open data vs private data

The General Data Protection Regulation (GDPR) has applied in all European Union (EU) Member States since 25 May 2018.

While the definition of personal data has always been fairly wide, the GDPR is said to broaden it even further, bringing new kinds of personal data under regulation. The Regulation considers any data that can be used to identify an individual as personal data. For the first time, it includes, amongst other things, genetic, mental, cultural, economic or social information.

Therefore, no one’s information can be used without valid and freely given consent. This means that people must have genuine choice and control over how others use their data. Additionally, under the GDPR, people have the right to withdraw that consent at any time – a rule known as “The right to be forgotten”. This represents a fundamental data subject right in the Regulation, in and beyond the context of publicly available personal information.

GDPR will, ultimately, make businesses pay more attention to the security and storage of personal data, and those that don’t adhere will receive very high penalties.

What changes for the consumers?

With the PSD2 and GDPR regulations in force, 2018 is turning into a year of important changes that are bringing security and control to consumers in a digital era.

PSD2, finally, improves the existing rules for electronic payments while GDPR gives people control of their personal data. While these regulations seek to put the consumer in the center, the truth is that computer systems in general have been designed with models that are very focused on transactions. Therefore, to comply with regulations, companies are currently adapting their processes and systems, and adopting an identity-centric security model.

Nevertheless, the new system has the potential to upend the way people make payments and bank, disrupting the sector in the same way as media or retail.
