FINANCE

Taking a layered approach with PSD2

Tony Reid, CTO of Financial Services, Hitachi EMEA

Two decades ago the payment industry was perceived as an innovation backwater. Payments were be devilled by archaic structures, legacy software and hardware. Yet it still managed to shrink the time it takes to make a card payment and lay the foundations for a digital future. And then, the industry entered a new era – a frenzied period of disruption, enabled by mobile banking and Near Field Communications (NFC). This is where the sector is today.

Tony Reid

Tony Reid

The Payments industry now attracts the lion share of partnerships and investments in FinTech. Dr Louise Beaumont, co-chair of Open Banking puts this down to the ‘dopamine moment’[1] – when you can see what people are buying. With payment data, you know what the person bought, where they were, what they were doing.” The data is ‘white gold for the financial services’ industry and the possibilities to transform the payment sector for good are immense.

The CEO of PayPal, Dan Shulman, recently talked[2] about reimagining the management and movement of money and providing different ways of thinking about the democratisation of money. These are powerful tailwinds – fanned by heightened competition in the payments space.

Traditional payment companies are now jostling with impactful new start-ups like Square and technology titans Apple and Visa just launched a far-reaching developer platform that allows developers and other companies to access the company’s payment tools. This is the first time Visa has made its payments processing technology widely available to third parties,placing it in direct competition with Silicon Valley payments companies like PayPal. More importantly, the initiative points to a wider move to open-up application programming interfaces(APIs) to fresh new ideas and applications.

This same ‘open source’ thinking underpins the Open Banking initiative, which exposes account data to new offers and advice. According to the Competition and Markets Authority (CMA)with transparent banking, people would have the information they need to make better financial choices; they’d be able to compare account offerings, access more lenders with better terms and avoid penalties. It would bring the perks of private banking to the masses. Much of these Open Banking ideals will be made possible by the imminent European Directive on Payment Services (PSD2).

Innovation regulation – an oxymoron?

PSD2 promises to shake-up the payments industry by shaking-up the banks. By early 2018, European banks (and any banks that seek to trade in Europe) will be expected to offer third-party providers (TPPs) greater access to customer data and payment infrastructure.

By lowering barriers for entry to third-party providers and industrious FinTech companies, PSD2will effectively pave the way for the Uberification of Banking.

In 2014, Uber opened its API, enabling the company to use Google Maps’ API to locate customers and track drivers, Google’s Cloud Messaging API for instant messaging, and PayPal’s Braintree API for payment. Uber also developed its own API and provided it to other companies to extend the reach of its services.For instance, online restaurant booking platform OpenTable, uses Uber’s API to allow customers to arrange travel to and from venues when they make a reservation. In a short space of timeUber went from being a small San Francisco start-up, to a global disrupter.

Regulation isn’t often synonymous with innovation. However, from time to time, it changes the rules of the game for the better. By obliging banks to share customer data with authorised TPPs in frictionless ways, PSD2 willenable and incentivise TPPs to offer bank customers some really exciting, cutting-edge financial services they might not have known about or had access to before. While forward-thinking banks will start folding these third-party capabilities into their core business offering,so they can experiment in adjacent areas and lower costs of innovation.

Solving the legacy problem

Of course, there are risks associated with the new payment mandate.One stems from the sheer volume and unpredictability of new API generated workloads. Banks have done a good job of tuning their systems to cope with peak levels of activity from traditional channels but TPPs could issue many more queries,, potentially exposing banks to system issues. Another is cyber security and Fraud.  By providing their APIs to TPPs, banks are uncovering a much larger attack surface to potential cybercriminals.  Critical applications will no longer be able to hide behind perimeter firewalls.

Furthermore, if customer data is exposed and fraudulently or even mistakenly misused, the customer won’t know whom to blame – the bank or the third party. The chances are they’ll take their complaint to the bank. So regardless of culpability, the bank’s default position should always be the highest level of security possible.

However, just as the payments industry was hamstrung by legacy technology 10-20 years ago – the same can be said today. Much of the old technology that’s done such a good and reliable job remains – it’s just been added to. Where other industries are moving to X-as-a-service models, built on new, agile infrastructures, banks typically scale their architectures by adding new hardware as demand requires. This has served the banks and their customers well but these monolithic systems are now just too complex and expensive to substitute.

But they can still take advantage of these new agile systems –  by building a database extension layer, populated with rich data by modern tools such as Pentaho,that would sit alongside the legacy technology, connecting customer data to the TPP through the API, while protecting the bank’s core systems. This layer would be very different to what a bank might have bolted on in the past. As a dynamic digital extension layer, it would radically reduce the risks associated with allowing third-parties to connect to a bank’s systems, while removing complexity for the bank – given that TPPs would just link to one platform, rather than a full suite of interlinked legacy systems.

With the right capabilities, PSD2 is a welcome piece of regulation with the potential to catalyse new growth strategies in payments and digital banking. However, it will also separate the banking pioneers of the future, from the faded giants of the past:modern proactive banks from those with traditional systems that can’t do the seamless job of extracting data from their systems, transforming it and blending it into new agile, scale-out processes.

Exposing APIs could drive new ways to interact with customers, achieve greater speeds and reach new heights of traceability, if the technology keeps up – via an adaptive big data overlay.Dan Shulman believes “there’ll be more change in financial services over the next five years than we’ve seen in the past 30 years”. With Hitachi and Pentaho in the mix, I happen to agree.

[1]http://www.mortgagesolutions.co.uk/news/2017/09/06/open-banking-insights-dr-louise-beaumont-ladies-executive-club/

[2]http://uk.businessinsider.com/paypal-ceo-dan-schulman-interview-2015-12

To Top