Is PSD2 not for commerce?
May 19, 2017 - During Money 20/20 Europe UL is delighted to be moderating 3 of the panel discussions; one of which is "PSD3 – this time we mean business".
As the moderator on this panel, I am excited to provide a sneak peek into my thoughts and questions. In case you have some burning questions of your own, please feel free to contact us as well and we may ask the questions on your behalf.
The previous PSD, and now PSD2, is driven by regulators. PSD is about removing the barriers within Europe to create an integrated, single market; and PSD2 sets out to level the playing field between Banks and FinTech. The regulators have a very good intention to the market and therefore to the business. However, for a lot of players in the market this is a very debatable statement. So is PSD2 (and the RTS) indeed good for business?
Is PSD2 creating more questions than it answers for business?
In my humble opinion, regulators make laws with the aim for a greater good - better development of the society or to make society and business more competitive etc. Payments cannot exist in itself. It has to be put into context, either social or commercial. Imagine, Mr. X has a million Euros and he is now on the moon. It is good for him to have the money, but the one million here is useless, because there's no commercial or social activities on the moon (at least today). Thinking along this line, next to the most important KPI being security, one of the KPIs for payments would be how good payments are integrated "within the context". Through XS2A (access to account), PSD2 does give the opportunity for players (both banks and FinTech) to innovate in such a way that payments can be facilitated in a more integrated way within the context. However, is that good enough? For example, do the requirements in RTS somehow make it more difficult for payment instrument to be more "integrated to the context"? On one hand, the good intention behind RTS for strong customer authentication should be fully supported. On the other hand, we also need to keep user experience in mind. One step further, PSD2 and RTS is a response to rapid technology innovation. Authentication methods are actually one of the fastest in terms of innovation. So here comes the question: will RTS be "out of date" when it comes into effect?
Thanks to PSD2, banks have to open up. This does not say how, and more importantly about the "attitude". I would be quite curious to see if the banks may block the potential value from PSD2, i.e. by complicating things through the non-access to APIs. Will there be some banks having the attitude of 'if you are forcing me to do things I don't like, I will be a bit late in the office..."?
Also, one of the key motivations of PSD2 is linked to the objective of the EBA: "to develop requirements that will harmonize regulatory and supervisory practices to ensure secure, easy and efficient payment services across the EU". In order to achieve this goal on a technical level, ideally there should be interoperability in terms of technical specifications, APIs and security requirements. We all know that this dream is yet to come true, which leaves us in a fragmented state. Of course partly it has to do with the legal landscape in Europe, but from a business point of view this raises quite some questions. From questions like "as a FinTech I actually don't know how many APIs I will need to connect", "Will my solution be easily deployed to other countries in Europe and will it not to have to go through lengthy processes in terms of compliance". To even more fundamental questions, such as "I am actually not sure the solution I am building would be PSD2 compliant, and how can I know this for sure". Or "As company operating in 20 member states in EU, will I need to implement 20 different processes to be compliant to 20 different laws?"
All in all, PSD2 may result in a more fragmented market. So how does this impact the greater good – being a more secure, user friendly payment industry? Will payment institutions face more paperwork and an increased fragmented processes as a result? We are looking forward to the discussion.
Wait, how about the two foundational part of the commerce - consumer and merchants?
One of the motivations driving PSD2 concerns customer protection, serving the greater good to society. This is reflected mainly on cost limitation and profit capping. These measures are a mean to achieve the goal. When looking at this from the consumer’s point of view, actually some nice things are already happening today (without PSD2). One nice example would be direct access.
Quite a lot of FinTechs today are working on beautiful innovations using direct access. Either via more integration between payments and the context, or by getting access to your financial data to perform services on top. This will no longer be allowed once the transition period under the PSD2 has elapsed and the RTS applies. There are mixed opinions about direct access as a technology, which can be implemented by "screen scraping". Whether this is secure or not or whether it can be PSD2 compliant, is a very good question towards the industry and I would love to hear your opinions. That being said, putting a ban on a well-established technology that creates a lot of value to consumers today and relying on the mandatory use of new, proprietary interfaces from banks, may result in question marks in the consumers' interest.
On the other end of the value chain, merchants are not directly under scope of PSD2. From the eye of merchants, cost and friction (therefore conversion rate) are key elements when it comes to payments. Thanks to PSD2, merchants now have the chance to become a PISP and to connect accounts directly through APIs. This of course limits the dependencies on established payment infrastructures, as well as on card schemes. This will likely lower costs needed for themselves and other intermediaries. An additional benefit for merchants would be better control on the integration of payments and the context linked to them. However, as discussed earlier, will the merchant need to go through all the bureaucratic processes to become a PISP and how beneficial will this really be in comparison to simply accepting cards? At least with 3DS 2.0, there is hope to remove the friction in the check-out process. Imagine a situation where we will face a mixture of these methods and merchants are busy implementing the "best practice" to fit their business needs, while consumers will face a lot of different payment and authentication methods. That is shockingly similar to the "war of wallets" we were all taking about a few years ago, where the consumers and merchants are clearly not the winners...
So, what would your PSD3 look like?
PSD, and PSD2 is primarily driven by regulators, answering the need from the market. If we are all putting ourselves into the hats of businessmen, and we are empowered to make ourselves heard via PSD3, what will your PSD3 look like? What are the "problems" you would like to solve? What are the opportunities you want to bring to the market?
We are very much looking forward to the discussion in Money 20/20, and in the meantime, please share your thoughts.
There are a lot of uncertainties, but that’s how the industry is today. The only thing that is certain is yesterday. We all need to embrace the uncertainty and make the best out of it. No matter what the outcome would be, the way we experience payments will change big time in the coming period.