Originally developed to make cross-border payments more efficient, the a new version of the Payment Service Directive (PSD), PSD2, was passed this year to cover new payment systems that have developed with open banking and payments Application Programming Interfaces (APIs).
However, many banks and financial institutions are still struggling to make their data security fully compliant with PSD2 and to take full advantage of PSD2 from a data layer perspective.
Here’s a closer look at the impact of PSD2 and how to make your data work for the change.
The Challenge with Third-Party Financial Services
PSD2 is giving both consumer and business banking customers the ability to use third-party payment service providers, such as Facebook, Google, and Apple Pay, to make payments without having to log in to their bank account.
Data is now stored in a cloud database for efficient processing. Banks must provide open APIs for payment providers so they can access banking data, which means it’s now possible to build complete financial services on top of a bank’s infrastructure. This means banks will now be competing with not only other retail or commercial banks, but also any company that offers financial services with APIs linking to a bank account.
This shift completely changes customer behaviors and expectations when it comes to managing their finances and tracking their transactions. It also poses some economic challenges as IT costs rise with banks working hard to meet new security requirements for fraud prevention and data breaches. As consumers become more comfortable with the idea of frictionless transactions across all their apps and link more of their accounts to their apps, banks must reorganize their data and approach to accommodate for new data flows as well as maintain the integrity of user authentication.
Data Security with PSD2
Fraud prevention and data security with a cloud database are of utmost concern for many banks now fully understanding the impact of PSD2. There’s now another layer of security checks and requirements to comply with, and banks must have a good handle on how they’re managing their data in order to meet new standards.
The API layer that handles the request for banking information and then sends it back to third-party payment service providers sits on top of the banking application, which means legacy systems might not be able to handle any growth in the number of transactions coming through.
Legacy systems also may not have appropriate security measures in place as data flows back and forth from the API layer, which may require additional investment. Financial institutions will need to develop a new infrastructure and make use of new technologies that transfer this type of data readily and at a low cost— all while keeping sensitive information safe.
Rising to the Challenge with PSD2 in Effect
Even though banks are facing several challenges as PSD2 goes into effect, there are some ways to make the data work and minimize costs.
Having control of where your data resides is key. Sometimes data needs to be left in its place due to data governance legislation. Having a data management platform with row-level access controls and granular replication allows you to place data where you need it to be to serve the consumer or the legislator; this is especially important in a hybrid cloud architecture.
Also — being able to analyze patterns and behaviors improves customer experience by identifying a customer’s immediate, short-term and long-term needs based on a pattern of transactions or other data points. A powerful graph database gives you a lens over your data in order to get a 360-degree view of your customers’ (retail or commercial) data, irrespective of its source, for the sake of pattern and behavioral analysis.
As consumers, we all expect things to happen wherever we are and whenever we need it to happen - the right now economy - so banks will need to be able to use this data in real time to run analytics instead of simply maintaining a ledger of transactions. This will help banks be more strategic with their product development and customers experience initiatives. They can provide more personalized and even real-time interactions to ensure all the customers’ needs are being met at an opportune time.
Making your data work with PSD2 might require rebuilding the infrastructure to break up silos of data and adding more security layers. Financial institutions that fail to accommodate APIs will be at a greater risk of losing customers to competitors as consumers become more comfortable using third-party payment service providers and want immediate access to their accounts. Understanding all the new security requirements for fraud prevention, budgeting for infrastructure development costs, and creating new data management processes that involve analytics, are some necessary first steps.