An Introduction to Open Banking (PSD2)
17 likes6,134 views
The document outlines the Revised Payment Services Directive (PSD2) aimed at enhancing electronic payments and fostering competition among financial service providers by allowing third-party access to customer account data. Key features include the implementation of strong customer authentication, expanded consumer rights, and the promotion of standardized online transactions. The directive, effective from January 2018, aims to create a more integrated market for payment services across the European Economic Area and Switzerland.
An Introduction to Open Banking (PSD2)
- 1. 1 An Introduction to Open Banking (PSD2) January 2018
- 2. Content Executive summary What When How Impact Appendix
- 3. Executive Summary Objectives • Improve rules for electronic payments: It takes into account emerging and innovative payment services, i.e. internet and mobile payments. • Level the playing field for new financial service providers: Third party providers can access customers’ account data or initiate payment transactions. Key additions • Standardize and promote online transactions and payment services • Strong Customer Authentication (SCA) for online payment • Enhance consumer rights • Expand the scope of regulated payment transactions The revised Payment Services Directive (PSD2) will make banks in European Economic Area (EEA) open up their Application Programming Interface (APIs) to provide third parties with access to customer account information.
- 4. EEA* + Switzerland What? SEPA PSD1 PSD2 Objective Key players When To provide a legal framework for payment services**. It improves rules for electronic payments, taking into account emerging and innovative payment services. Payment institutions: Non-bank institutions that provide payment services. Third party providers (TPP): Those who can access account information or initiate payment transaction. PSD2 is one of the initiatives intended to create an efficient and integrated market for payment services in the EEA. To create an efficient and integrated market for cross- border payment services. Payments are processed under the same conditions. Banks Effective by 2009 Where EEA EEA + Switzerland Effective by 1 Nov 2009 Effective by 13 January 2018 *EEA = 28 EU members, Iceland, Liechtenstein, Norway **Payment services = Service relating to payment account (current account, e-money, credit card account, current account mortgage); card issuing; merchant acquiring; remittances; mobile- based payment services.
- 5. When? 2007 Jul 2013 2014 Oct 2015 Jan 2016 Feb 2017 Jan 2018 2019 PSD1 come into force A review of PSD1 proposed by European Commission PSD2 prepared by the European Commission PSD2 adopted by the European Parliament PSD2 is introduced by regulators to financial institutions A draft of Regulatory Technical Standards (RTS) was submitted by the EBA* Member States introduce into national legislation PSD2 is fully enforced across the EEA *EBA =The European Banking Authority Timeline
- 6. Standardize and promote online transactions Strong Customer Authentication Enhance consumer rights Expand the scope of regulated transactions How? PSD2’s 4 key additions
- 7. #1 Standardize and promote online transactions Banks need to open up their API to allow Payment Initiation Service Provider to initiate payment transactions with customer consent. Payment Initiation Service Provider (PISP) Check balance: Receives information from the payer's bank on the availability of funds (a yes/no answer) on the account before payment initiation with the payer’s consent. No intermediaries: Funds are transferred directly from an issuer bank to merchant bank, bypassing card network. Requirement: Must be authorized; have a minimum of €50,000 in initial capital (or higher depending on types of service); and hold a professional indemnity insurance (PII). Sofort offers real-time online banking payment service in Germany iDEAL is an e-commerce payment system in the Netherlands, allows customers to buy on the Internet using direct online transfers from their bank account. Sample of startups that will be affected Present flow Future flow 1. Initiate payment & give consent 2. Check balance & authenticate as required by issuer bank 3. Payment
- 8. #1 Standardize and promote online transactions AISP may retrieve balance and transaction data from payment accounts from accounts that customer has authorized the AISP to retrieve data from. Account Information Service Provider (AISP) Aggregate data: Provides an aggregated view of past transactions that have already occurred and present it in one place. AISP cannot transfer funds out of a payment account. Limited information access: Receives information explicitly consented by the payer and only to the extent they are necessary for the service. Requirement: Must be registered; hold a professional indemnity insurance (PII). Money Dashboard is a personal financial management service in the UK. Users can view all of their online financial accounts in one place. AtomBank is a digital-only bank in the UK that provides banking services through a smartphone app. Sample of startups that will be affected Present flow Future flow APIAPIAPI Aggregate data Data Data Data
- 9. #2 Strong Customer Authentication (SCA) PSD2 introduces a requirement for strong or 2-factor customer authentication (2FA) Knowledge Something only the user knows (e.g. password, PIN) Inherence Something only the issuer is (e.g. a finger print or voice) Possession Something only the user holds (e.g. a card, a token) 2 out of 3 elements must be satisfied Sample application of SCA More detail on 2FA in Appendix Note: TAN = A “transaction authentication number” used by some online banking services as a form of single use one-time passwords to authorize financial transactions
- 10. #3 Enhance consumer rights Reduced liability In case of an unauthorized payments (stolen card), payers’ liability is capped at €50, reduced from €150 Right of recourse If payment service providers (banks) fail to provide SCA, they should compensate the other payment service providers. Sample case: Non-execution, defective or late execution of payment transactions Multilateral interchange fees (MIF) MIF charged on issuing banks on consumer debit cards are limited at 0.2%, credit cards at 0.3%. Ban retailers from imposing surcharges on customers for the use of cards (impacting about 95% of payment cards). More detail in Appendix
- 11. #4 Expand the scope of transactions PSD2 extends the scope to payments in non-EEA currencies, and to where only one payment service provider is located in the EEA. Note: PSD2 starts impacting a PSP when funds are credited to a clearing account of one of its entities domiciled in the EU, and the required information becomes available to this entity (for inbound payments); or until the clearing account is debited (for outbound payments). • All payments in EEA-currencies carried out within the EEA. • Italy Germany Two-Leg-Principle • Payments in any currencies, where all participant PSPs are located within the EEA. • Italy Germany Foreign currency transactions • Payments in every currency, where only one of the PSPs is within the EEA. • Italy USA One-Leg- Principle New New € € $ $ € $ Value dating and availability of funds under Two-Leg-Principle € € €
- 12. #4 Expand the scope of transactions Note: PSD2 starts impacting a PSP when funds are credited to a clearing account of one of its entities domiciled in the EU, and the required information becomes available to this entity (for inbound payments); or until the clearing account is debited (for outbound payments). • All payments in EEA-currencies carried out within the EEA. • Italy Germany Two-Leg-Principle • Payments in any currencies, where all participant PSPs are located within the EEA. • Italy Germany Foreign currency transactions • Payments in every currency, where only one of the PSPs is within the EEA. • Italy USA One-Leg- Principle New New € € $ $ € $ Value dating and availability of funds for foreign currency transactions PSD2 extends the scope to payments in non-EEA currencies, and to where only one payment service provider is located in the EEA. $ $ $
- 13. #4 Expand the scope of transactions Note: PSD2 starts impacting a PSP when funds are credited to a clearing account of one of its entities domiciled in the EU, and the required information becomes available to this entity (for inbound payments); or until the clearing account is debited (for outbound payments). • All payments in EEA-currencies carried out within the EEA. • Italy Germany Two-Leg-Principle • Payments in any currencies, where all participant PSPs are located within the EEA. • Italy Germany Foreign currency transactions • Payments in every currency, where only one of the PSPs is within the EEA. • Italy USA One-Leg- Principle New New € € $ $ € CreditValue date and availability of funds when the payer’s bank is outside the EEA under One-Leg-Principle DebitValue date when the payee’s bank is outside the EEA under One-Leg-Principle PSD2 extends the scope to payments in non-EEA currencies, and to where only one payment service provider is located in the EEA. €
- 14. Impact: Re-distribute payment value chain Taking the UK as a case study, the average Merchant Service Charge (MSC) is 0.68% of the transaction value for debit cards. With PISP, the PISP itself will be the only intermediary to which this MSC is to be distributed.Therefore, the new fee is likely to be between 0.2%-0.68% (below current MSC level).
- 15. Impact: Experience-driven payment evolution PISPs are being purchased to streamline the payment flow, e.g., Braintree, Stripe. Incumbents will need to adopt new technology for SCA. Visa, Master-Card and American Express are working with Apple on establishing Apples mobile payment application. Physical (in store) merchants Online merchants Polymorphic payments (online + in store)
- 16. Impact: MIF regulation depresses issuers’ revenue Effective interchange rates for select European markets (2014 vs 2016) Estimated annual interchange revenue drop for issuers (2013 to 2017) Source: ACI Universal Worldwide Source: ACI Universal Worldwide
- 17. Impact: MIF regulation raises card usage Low interchange fees are associated with a higher usage of cards EU survey shows that Credit interchange caps hurt issuers (around €2bn reduction in annual revenue) Issuers cut back consumer loyalty programs and cash back offers Some have introduced card fees The UK, the largest credit card market, has been most impacted Conversely, large merchants received a significant revenue transfer, adding to their profitability SMEs have not seen pass-through
- 18. APPENDIX
- 19. Key provisions under PSD2 PSD1 PSD2 Transactions & Services Card payments, direct debits and credit transfers in the EU/EEA at national and cross-border level. Cash deposits and withdrawals M-payments and e-payments Money remittances Card payments, direct debits and credit transfers in the EU/EEA + Switzerland at national and cross-border level. Cash deposits and withdrawals M-payments and e-payments Money remittances PISP & AISP Amounts Transferred & received Charges should not be deducted from the amount transferred for payments in member state currencies. Full payment amount should be transferred. Charges can be deducted from the payment amount received by the payee, with prior agreement. Actual payment received and charges deducted should be provided in the confirmation to the payee. Same Execution Time Process payments by D+1 max. from 2009 (D = point in time of receipt) Up to D+3 until 2012 only if there is an agreement between payment service provider and ordering customer D+1 for paper-initiated transactions D+4 possible for certain intra-Community payments Process payments by D+1 max. (D = point in time of receipt) D+1 for paper initiated transactions D+4 for certain intra-Union payments Value Date For the payer/ordering customer – Debit Value Date is date of receipt of payment order. If the payment is received on a non-working day, then value applied will be next Business Day. Rule is applicable for payments in member state currencies. For payee/beneficiary – Credit Value date is the date of receipt of funds in the Payee’s bank account. This applies to payments in member state currencies. For the payer/ordering customer – Debit Value Date is date of receipt of payment order. If the payment is received on a non-working day, then value applied will be next Business Day. Rule is applicable for payments in any currency. For payee/beneficiary – Credit Value date is the date of receipt of funds in the Payee’s bank account. This applies to payments in any currency involving no currency conversion and payments in member state currencies, involving a currency conversion Information Stipulates minimum information requirements from payment service provided to customer. Stipulates minimum information requirements from payment service provided to customer. Also, makes it mandatory to disclose the terms and conditions upfront (execution time, exchange rate and end to end charges) to the payer before execution of the payment and execute upon receiving consent.
- 20. What are APIs? Application Programming Interface (APIs) An API is a software-to-software interface that allows web-based applications to communicate with each other and share data. Technically, they are sets of protocols that define how one application interacts with another. They can be viewed as messengers taking a request and returning the response, i.e. the ‘share buttons’ on social media sites. “partner API” model • By providing APIs to partners, i.e. creditors, brokerage firms, clearing houses, custodian banks, etc, partners can sign up for services and access information on customer accounts. “open and licensed API” model • By making an API available to the public, banks have the opportunity to compete for new business by enabling potential customers to compare product/service available in the market.
- 21. Liability for transaction errors Payment Initiation service providers (PISP) PISP is liable for submitting payment order to ASPSP (i.e. bank) Account servicing PSP (ASPSP) If the PISP can show that the payer’s ASPSP received the correct receipt of the payment order, the ASPSP is responsible for ensuring the money is transferred correctly. Where defective payments occur, the payer’s ASPSPs shall refund payers. Where the payer’s ASPSP fails to require SCA, the payer’s ASPSPs shall refund payers. Payer If payers act fraudulently or with gross negligence If unauthorized payments are caused by the loss or misappropriation of a 'payment instrument', i.e. stolen/lost card/mobile device. Payee If the payee’s ASPSP fails to require SCA, it shall refund any losses caused to the payer.
- 22. Strong Customer Authentication (SCA) 2-Factor Authentication is a way of authenticating yourself by combining SomethingYou Know, SomethingYou Have, and/or SomethingYou Are • The traditional way of signing into an application is by using a User-Id and a Password (something you know or a ‘single factor authentication’). Common Practice • Can be relatively easily hacked.The Problem • 2-factor authentication is introduced. • Something you know (user-id and password) • Something you have (a one time code) • Something you are (fingerprints) The SolutionSource: EBA
- 23. Current landscape for card fees Merchant Service Charge (MSC) includes interchange fee, acquiring fee, and payment scheme/network fee. Issuing bank keeps interchange fee, acquiring bank keeps acquiring fee, and card network (Visa/Mastercar) keeps payment scheme/network fee. Merchant receives the amount of purchase after MSC fee. 1. Purchase with a card (€100) 2. Merchant submits transaction for authorization 3. Issuing bank approves & keeps 0.2% interchange fee (€0.2) 4. Issuing bank transfers €99.8 (€100- €0.2) to acquiring bank through card network 6.Acquiring bank keeps 0.24% acquiring fee and transfer €99.32 (€99.56- €0.24) 7. Merchant is paid €99.56 (€100 - €0.68 MSC) 5. Card network keeps 0.24% payment scheme fee and transfer €99.56 (€99.8-0.24) 8. Bills cardholder €1009. Cardholder pays issuing bank €100
- 24. MIF regulation Current problem • Despite previous regulations, the European cards market remains fragmented and interchange fees are widely varying (0.3%-1.8%). • Interchange fees are agreed between the acquiring payment service provider and the issuing payment service provider for each sales transaction made. Solution • MIF was introduced to cap interchange fees, hence, lowering costs for retailers and consumers and intensifying competition. Key rules • Limit MIF for transactions: debit cards at 0.2%; credit cards at 0.3%. • Ban surcharges: Ban retailers from imposing surcharges on customers for the use of these types of cards. Benefits • Acquiring banks and PSPs have higher margin (no regulation on having to pass-through lower fee to merchants). • Merchants may accept more cards if total merchant servicing fees (MSC) is lower. • Merchants may negotiate better deal (lower acquiring fee) with acquirer banks Source : Sia Partners Note: MSC fee includes interchange fee, acquiring fee, and payment scheme/network fee, (ranked by magnitude).