In recent weeks EU authorities have been assessing the success of PSD2 (the revised Payment Services Directive).
The European Commission closed two important consultations on the future of retail banking and digital finance. These consultations have allowed for reflection on PSD2 progress, as well as feedback on the future framework for open finance — see our blog ‘Three lessons for open finance’ for more on that.
The European Banking Authority (EBA) also published an important Opinion on PSD2 ‘obstacles’. This provides clarifications on key issues that create friction in consumer experiences of open banking. For example, the EBA noted that:
bank redirection screens should be minimised to what is necessary, and EU regulators should scrutinise redirection customer journeys
banks should support biometrics for open banking authentication (‘app-to-app’) where they’ve enabled these security methods directly with their own customers
banks cannot expect end-users to manually input their IBAN to use open banking.
In this post, we set out our experience of PSD2 implementation across banks in different European countries and talk about some of the obstacles we’ve encountered.
We hope visibility and discussion of these issues will help unlock the real potential of PSD2 — more choice and better experiences for consumers.
What has worked well
Consumer journey guidance
In the Netherlands, the banking regulator published guidance for banks on what constitutes obstacle-free redirection. It makes clear to banks that asking for the consumer to strongly authenticate more than once in a customer journey is unnecessary and inefficient, in line with the EBA Opinion.
Setting clear deadlines
In Belgium, the National Bank recently wrote to the banks it regulates to ask for the EBA Opinion clarifications to be implemented no later than 31 December 2020. Setting clear deadlines like this will help banks to move towards better implementations and encourage take-up of open banking in Belgium.
What could be better
Bank readiness and rate-limiting
Following our launch in Ireland, it was soon clear that one bank in particular could not cope with the volume of API requests. It subsequently began to severely ‘rate-limit’ requests (limiting the number of API calls per second), to the extent that the API became unusable. This prevented us and other TPPs from providing open banking services.
Following our launch in France, we came across a few concerning practices. A handful of banks have been preventing payment initiation where the beneficiary is not already on the end-user’s ‘trusted beneficiary list’. One bank took it even further by preventing payments without the beneficiaries postal address being provided. It is not clear how these requirements are consistent with PSD2, and they create unhelpful obstacles.
What really needs to change
Bank customer journeys
In Germany, we’ve come across banks who require the end-user to provide their IBAN before connecting. This clearly hampers user adoption, after all, how many of us can remember an IBAN, which is often over 20 characters long? The ideal solution will be for banks to implement account selection as part of the bank-side authentication flow.
During our testing across European countries, we have come across lots of clunky bank redirection screens. These need to change. We know that, when these screens are implemented well by banks, API-based connections have significantly higher conversion than legacy technology. The best flows in the UK now see around 90% conversion, thanks to app-based authentication and clear guidelines from the regulators.
We’re close to PSD2 success
Our first step is always to work collaboratively with the bank in question. However, we think it’s really important to start a public dialogue about the common problems on the ground. These obstacles are standing between consumers and a thriving market of open banking powered services. Banks have been responsive to feedback and regulatory guidance, so we’re optimistic that these remaining obstacles will be removed.
Watch this space for more updates about APIs on the ground in both the UK and Europe!