What is... PSD2?
Don’t let the numerical acronym put you off: this key banking regulation could change how you do business in your personal and work life – for the better
The banking regulation that could change how we all do business.
The original Payment Services Directive (PSD) was designed to make it easier and safer for payments to flow across EU borders, and comes alongside the UK’s Open Banking regulations. The update builds on the 2007 version by limiting surcharges, ensuring consumer complaints are heard quickly and strengthening security standards, as well as introducing a framework for sharing account information. That last bit is key to Open Banking: letting third-party companies and apps manage your finances with your bank on your behalf. Here’s how it works.
What does PSD2 mean for Open Banking? PSD2 requires nine of the biggest UK banks to allow third parties to access bank account data to build new services. It’s an EU-level change that’s been a long time coming, but follows a report from the UK Competition and Markets Authority. This demanded change after finding that traditional high-street banks weren’t innovating enough or offering distinct services, locking in customers with a lack of real competition.
What third parties can access account information? There are two categories: account information service providers (AISPs) and payment initiation service providers (PISPs), and they largely do what it says on the tin. An AISP lets you pull all your account information, across multiple banks, into a single place. That could be to watch your spending or for a bankcomparison site, to let you choose the right account provider for you. A PISP can make payments directly from your bank account, although so far it only works for online sales rather than in-person shopping. That doesn’t mean it’s open season on your data, however. Companies looking to organise your financial life need your permission first, and must be approved by the Financial Conduct Authority.
How will these PISPs and AISPs get access? PSD2 means the nine big banks are required to offer APIs of their data to PISPs and AISPs. Don’t choke on that alphabet soup: all it means is banks must offer the same data feeds that apps use on smartphones or to interact with Facebook. APIs open up data without allowing full access, and are a standard way for apps to pull in the information they need.
What about security? This is one big question for the nine banks: how can they share data with third parties without risking data breaches? Security concerns are one likely explanation for delays to the rollout – we would hazard fear of competition is another – not least as banks are famed for their out-of-date IT, with RBS fined £56 million over an outage in 2012 and TSB struggling with similar challenges this year.
When does PSD2 land? It’s already here. Most of PSD2 came into force in mid-January, although some of the access requirements are on a slower rollout schedule, coming into play next year. The nine banks in question were supposed to make customer data available from January, but six missed the initial deadline. All but one has complied now. That means you can in theory use apps – such as those created by our profiled startups on these pages – to manage your finances, and while it will be some time before there’s wide availability and support for every bank and mobile OS, with PDS2, the future of banking is on its way.