Organisations concerned about opening their customer data up to third-party access, and the potential for higher levels of vulnerability to fraud
New research, released today by Ping Identity, reveals that just 46 per cent of payment service providers (PSP) are prepared to comply with the upcoming PSD2 regulation. Expanding the reach of the original Payment Services Directive (PSD), the revised payments directive continues Europe´s goal to modernise, unify and open its financial landscape.
The research, which explores the current state of the payment industry in relation to the EU initiative, highlights a clear lack of education and understanding across businesses in the UK. Of those asked, 44 per cent admitted to not knowing the necessary changes needed to comply, despite the regulation’s direct impact to their business. A further 29 per cent say they are aware of the changes, but do not understand them.
Although payment service providers are obligated to conform to the regulation, just 12 per cent are aware that the new initiative will become active on 13th January 2018. In addition, 35 per cent are unsure if they will reach compliance in time, with just three in ten reporting they will get there without a struggle.
The main scope of PSD2 requires account servicing payment service providers (ASPSPs) to expose open APIs to open their customer data if the customer has given their explicit consent. These third parties can then connect to bank accounts and retrieve information. Just eight per cent see this as having a positive impact on their wider business, while almost half see opening customer data up to third parties as a negative requirement. Almost 40 per cent of respondents also believe that this expanded scope of the regulation will have a negative effect on customer experience.
While some organisations feel the implementation of PSD2 will not pose any threat to the wider business, higher levels of vulnerability to fraud is an issue that 19 per cent feel they may be exposed to once the legislation comes into force next year.
Phil Allen, Vice President EMEA of Ping Identity comments, “This research has highlighted that even though the majority of organisations are aware of what is required with PSD2, there’s clearly a lot to be done from both an educational and implementation point of view. Instead of simply seeing PSD2 as another regulation to comply with, organisations should strive to go above and beyond, setting themselves apart from competition, and providing customers with the best, and most secure user experience possible — and strong solutions exist.”
Allen continues, “With changes occurring across the industry, including the UK’s open banking initiative, it’s an important time for businesses to ensure they have the best security processes in place. Opening customer data up to third parties means allowing them access to certain parts of your network that in turn can create vulnerabilities. If compliance and implementation are done correctly, the PSD2 has the ability to transform the financial market as we know it, improving customer experiences — something that is essential to the UK economy.”
When asked if they feel enough information is available around the new legislation, just 26 per cent agreed, while the majority (74 per cent) either disagreed or were unsure.
The 144 survey respondents were members of management and senior staff in UK financial services organisations, all with 250 employees or more. The research was commissioned in April 2017 by Ping Identity, in association with research house, One Poll.
Payment service providers looking for additional information around PSD2, and how identity and access management technologies help organisations comply, can visit www.pingidentity.com/psd2 to access a range of eBooks, webinars and technical solution guides.