
Introduction to PSD2 and WSO2 Open Banking

Overview of PSD2


The Revised Payment Services Directive (PSD2) of the European Union seeks to improve the existing European rules for electronic payments. The PSD2 deadline has already passed, and PSD2 compliance has become a top priority for the majority of EU banks and financial institutions. In short, PSD2 enables bank customers, both consumers and businesses, to allow third-party providers to manage their finances.

PSD2 sets out rules concerning:
  • Strict security requirements for electronic payments and the protection of consumers' financial data, guaranteeing safe authentication and reducing the risk of fraud;
  • The transparency of conditions and information requirements for payment services;
  • The rights and obligations of users and providers of payment services.
The core of the directive is the requirement for banks to open bank data as APIs to third parties under the XS2A (access to account) rule. With the adoption of PSD2, the playing field is finally level for third-party payment providers [TPPs], which could be startups in the FinTech space, and banks have to interact with this additional party to provide services to banking customers. It is therefore essential for a bank to identify and select the best-fit Open Banking solution by evaluating the capabilities it offers to satisfy the PSD2 requirements set by the EBA.

What will change with PSD2

  • Access to the Account [XS2A] via APIs enables entirely new types of services, which are regulated under PSD2 as payment initiation and account information services provided by payment initiation service providers (PISPs) and account information service providers (AISPs). Through PISPs, third parties will be able to initiate online payments to an e-merchant or other beneficiary directly from the payer’s bank account via an online portal. The introduction of real-time online payments via direct account transfers will dominate the existing online payment methods in the EU region and reduce existing card payment surcharges. Through AISPs, third parties will be able to aggregate customers’ account information, including transaction history and balances, across multiple banks and give banking consumers a consolidated view of their financial picture. For banks, the threat from TPPs' Access to Account once PSD2 is in effect is the loss of fees from card-based transactions and the loss of customer ownership and insight.

Who are Third-party Payment Service Providers [TPPs]

The main scope of PSD2 is to provide better customer experiences to banking consumers by encouraging new players to enter the payment market. This will happen through the mandatory requirement for banks to “open up the bank account information” to external parties with the customer’s consent.
These Third Party Payment Providers (TPPs) are divided into two types:
  • PISP (Payment Initiation Service Providers)
Initiate online payments from the payer’s bank account. This new payment service provider type will actively disrupt the existing payment options for online payments as well as offer cost-effective and faster API-based P2P payment solutions.

Currently, (SEPA) Credit Transfers and debit cards are available in the EU region, both of which are offered only by the account holder’s own bank. In the future, consumers will see several different payment options that can move money from the account in real time.
  • AISP (Account Information Service Providers)
A service provider that extracts and aggregates bank customers’ account data, including transaction history and account balance, from the APIs exposed by different banks in the EU region. Eventually, this aggregated account information can be used by the AISP to analyze users' behavioral patterns, such as spending patterns, and provide recommendations based on the customer data.

Benefits of PSD2 for TPPs

  • More opportunities for fintech startups to enter the financial services ecosystem through new innovative application ideas by connecting to bank-exposed APIs.
  • A competitive market will lead to the introduction of more innovative payment methods and analytics on customer account data to grab customers' attention.

Benefits of PSD2 for Bank Customers

  • Instant payment settlement through direct account transfers brings convenience and saves time.
  • Service charges for transactions will eventually be lower.
  • More competitive and innovative payment methods to select from.
  • Able to view details of multiple bank accounts from a single view, so there is no need to log in to different bank systems separately.
  • More innovative ways to identify spending patterns from bank accounts and give predictive insights based on account history.

Requirements to support the PSD2 TPP XS2A rule

Requirements for banks

The European Banking Authority [EBA] Regulatory Technical Standard on Strong Customer Authentication [RTS SCA][1] includes the following requirements that banks must support when they expose customer data through APIs to third-party payment providers under the XS2A rule.

  • Banks must offer at least one interface to allow TPPs to carry out their services.
E.g.: request and receive account information (for AISPs); initiate a payment order (for PISPs).
  • Banks need to ensure that the technical specification of the interface is documented and provided, at no charge, upon request by authorized TPPs that have applied with their competent authorities for the relevant authorization.
  • If a dedicated interface is offered, its performance and availability have to be the same as for the direct services accessed by bank customers.
  • Rules and scope of the data exchanges between the service providers, e.g. ISO 20022 message formats.
  • Need to ensure the security of communication between the service providers by adhering to eIDAS certificate validation.

Requirements for TPPs


PISPs and AISPs must have access to communicate with bank systems to enable them to carry out their services, as requested by bank customers.
TPPs must comply with the obligations set out in PSD2 and the requirements of the accompanying EBA Regulatory Technical Standards. For example, TPPs must follow the guidelines on authorization and registration under PSD2 document [2].

About WSO2 Open Banking

WSO2 Open Banking Solution [https://wso2.com/solutions/financial/open-banking/] provides all the technology requirements that banks need to create an “Open Banking” platform to be PSD2 compliant and, as a result, become a Digitally Transformed Bank.

[Diagram: Open Banking.png]
The above diagram explains the overall component architecture of PSD2 and where the WSO2 Open Banking solution initially fits in. Once the WSO2 Open Banking solution is deployed in a bank, the bank exposes its internal core banking and payment service data as RESTful APIs through the solution. Trusted TPPs then authorize and consume the exposed APIs from their custom applications, aggregating the APIs exposed by different banks to give the end user, that is, the bank customer, a consolidated view of his/her bank data in a secure manner.

Key Offerings from WSO2 Open Banking

The key offerings of the Open Banking Solution that satisfy the PSD2 technical requirements are as follows.
  • Provides comprehensive API management platform support, including API governance and runtime.
  • Support for different PSD2 API specifications such as openbanking.uk and Berlin NextGenPSD2.
  • Identity access management and security capabilities for PSD2, including API security and Strong Customer Authentication requirements.
  • Built-in support for bank customers’ consent management.
  • Support for TPP interactions with banks, including TPP onboarding.
  • Integration points with core banking systems
  • API analytics and more powerful business insights
  • GDPR compliance
For more information, visit the live demo site of the WSO2 Open Banking solution at openbanking.wso2.com.



