In July 2014, EU legislators adopted a series of measures known as Regulation (EU) N°910/2014. The Revised Payment Services Directive (PSD2), as it’s better known, will bring an end to the era of proprietary banking data when it goes into effect in 2018.
From that point onward, all European banks will be required to share their customers’ account information with any third party a customer chooses, and provide easily accessible application program interfaces (APIs) – enabling non-bank companies to process bill payments, make account transfers, analyze spending, and provide a wide range of other services traditionally handled by banks; all while the money involved remains in the same bank accounts.
It’s hard to overstate how much of a game changer PSD2 will be for the financial industry. Not only will banks lose their monopoly on many financial services – their power to compete with one another in many familiar ways will also be effectively terminated. In place of these traditional arrangements, a new world of third-party apps, web services and payment technologies will enter the marketplace, giving customers more financial choices than ever before.
PSD2 also sets out very specific standards for secure electronic identity verification, in order to keep customers’ funds and personal identities safe. Here’s what you, as a provider of financial services, need to know.
PSD2 describes two new types of players that will soon enter the financial space. Both these types of providers already exist, to some extend, right now – but as PSD2 goes into effect, experts predict each of them to grow and proliferate widely.
The first type of providers to thrive in the new landscape will be payment initiation service providers (PISPs). These companies will access the APIs provided by various banks, and link customers’ account with their own user-friendly payment systems. Once a PISP had authenticated a given customer’s identity, that user will be able to make payments in a wide variety of non-traditional ways – from third-party apps and websites, as well as from bracelets and other devices on the Internet of Things (IoT) – helping them avoid fees from banks and ATMs.
In addition to PISPs, a second group of players known as Account Information Service Providers (AISPs) will access and integrate data from customers’ bank accounts, providing them with a single user interface for viewing all their checking, savings and credit card accounts from multiple banks – along with spending breakdowns, budgeting recommendations, and related services.
Crucially, neither PISPs nor AISPs will have to create any core banking infrastructure, maintain any actual accounts, or produce credit or debit cards – much less set up ATMs or run physical bank branches. Instead, they’ll leverage the open APIs mandated by PSD2 to deliver great customer experiences – while gathering their own first-party data to monetize for additional revenue.
But PISPs, especially, will depend on strong electronic identity verification in order to be viable.
A variety of PSD2 requirements spell out specific standards for electronic identification (eID). Commission Implementing Decision (EU) 2015/296 requires European countries to cooperate on interoperable eID schemes – while Commission Implementing Regulation (EU) 2015/1501 creates a platform enabling practical connectivity between eID means, and Commission Implementing Regulation (EU) 2015/1502 sets out detailed criteria, including technical specifications and procedures, for the management of electronic identities.
In short, each bank will be required to have safeguards in place to ensure that each customer’s identity is verified before each interaction with a third-party service provider. Banks already have their own internal systems in place to verify customers’ identities – but any PISP who accesses customer data through a bank’s API will need their own identity verification system; and PSD2 mandates seamless integration between both those verification schemes.
Given the strictness of these regulations, and the complexity of a secure identity verification system integrating data among multiple institutions, smart PISPs will rely on eID software that’s already designed to integrate the functions of identity verification, electronic document signing, user authentication, and secure integration with other APIs.
This is exactly the range of functionality provided by SignWise Services, a trusted and secure infrastructure for authenticating and validating electronic identities. SignWise Service´s API is already in full compliance with all PSD2 requirements, and offers a variety of services for managing the entire life cycle of a digital document, both domestically and across borders.
By 2018, the use of eID services will be a daily reality for most people. SignWise already lives in that world right now – and we’re excited to welcome you into it.
POST IS WRITTEN BY
manager @SignWise Services and electronic identity expert
I have primarily worked as an R&D visionary and adviser for PKI-based authentication, eSigning, eSignature validation and eAuthorization services. I was part of the team that worked on the Estonian electronic identity for the Ministry of Economic Affairs and Communications, creating service portals for local authorities and annual electronic reports submission system for the e-Business Registry – winning the Best e-Government Solution award at the World Summit Award in 2011.
Learn more about electronic identity, PSD2, eIDAS and electronic signature trends and how you can get the support for your business by contacting SignWise Services team now.