The Payment Services Directive 2 is being hailed as the long-needed infusion of freedom and debilitation of banking monopoly. And, it truly is great. The basic idea is to mandate banks into opening up APIs to allow ANY interested, authenticated party to fetch account information and conduct transactions on behalf of the customers. The problem that many are speaking of is that the banks may lose out to more competition.
Earlier, banks were able to offer products and services to their own customers and since these customers (with active, operational bank accounts) were sort of captive, it was easier for them to sell to them. For example, your bank calls you and tells you that while you are banking with us, why not get a credit card from us. But now, company CreditCardProviderNumber 3 can provide a similar service and it can beat a bank as well. CCP No. 3 need not implement the regulations and compliances that a bank needs to manage, but it can offer one of the many offerings that the bank offers and take one more slice out the bank’s pie. When you have more such companies eating different slices of the pie, with specialized financial services powered by the bank’s APIs, it is sort of an irony to see the bank itself losing out the pie. And, that’s not it. The pie in itself is going to get a lot bigger with the harmonizing of financial laws and regulations which is done in an attempt to truly facilitate cross-border banking within the EU. This, everyone says, is the bank’s biggest problem. I don’t think so. I think they have some bigger problems to worry about.
Banks are going to bleed customers to sleeker looking, better designed apps that can act as AISPs(Account Information Service Providers) and PISPs (Payment Initiation Service Providers). But, these AISPs and PISPs are going to use the bank’s own infrastructure to make the bank lose business. Sort of double jeopardy really. The problem that I see here is that banks have been mandated to expose their systems in the form of APIs. Not only does that mean they must implement stronger measures of security and prevent unauthorized accesses from getting customers’ prized data, but also that their systems are going to be queried more heavily than ever. Banks today are dealing with their customers’ traffic and their internal transactions. That is hard enough to do and we have a host of fintech products that claim to provide the necessary scaling and efficiency to make that happen. Now, there are additional players who are going to consume the data that the banks have so painstakingly built the means to protect all these years. The data still needs to be as protected as before and it is supposed to more accessible.
Can you imagine a server that suddenly gets a million more hits beyond a certain date? Of course, that sounds a bit dramatic. Third-party AISPs and PISPs will take their time to grow and mature. But, the market could catch up quickly and quickly it will. Banks suddenly have to
- Retain their customers and woo them more than ever
- Build better AISP and PISP services than the next innovative start-up
- Maintain a steady performance throughout their servers to make sure that they even survive!
If you ask me, this is a big problem. Banks that are thinking about this already are going to need some mirroring solutions or some middle-wares and interfaces that can shield their core systems and provide the necessary virtual infrastructure for being queried. Banks could also invest in real infrastructure to maintain real shadows of their data. The solutions are obviously there (we too have an interesting offering in the arena. Head to our financial services to find out more) but we need to identify this as a problem! After all, even if everyone is happy about it (I have clients who are gung-ho about PSD2. They, are not banks.), we must empathize with the banks’ situation and help them do something about it.