Open banking is a concept that allows customers to make their bank account data available to third-party providers through application programming interfaces (APIs). This access is secure and private, being only possible after detailed consent from the customer.
With the facilitated access to this data, fintech companies can maximise the services available to their customers, being able to tailor offers to perfectly fit their needs.
Europe is one of the biggest hubs for the growth and development of open banking, but the concept is expanding worldwide and gaining traction at a rapid pace.
Currently, two of the main use-cases of open banking are services that aggregate banking data from different banks into a single platform, and firms involved in the lending/credit industry.
PSD2 is the revised payment services directive proposed by the European Commission in 2007 and enforced between January 2018 and September 2019. The need for a revised directive emerged from many technology advances that resulted in a great variety of new services.
The new directive was drafted with the main goals of improving customer protection, boosting competition and innovation, and increasing security in the payments market.
Although it was supposed to enter into force by September 2019, due to a possible negative impact on ecommerce the European Banking Authority (EBA) established a transition period for financial institutions to become PSD2-compliant. This transition period ended on December 31, 2020.
PSD2 and open banking are directly correlated, since the regulations introduced with the directive strongly influenced how open banking works by working toward eradicating the use of screen-scraping. This method to access financial data by a third-party provider uses customer login details, which presents unnecessary risks.
PSD2 was conceived to respond to new customer needs and new technologies, such as the possibility of accessing banking information remotely and outside the bank network. This is possible through bank APIs developed following the regulations implemented with PSD2.
With PSD2, important steps towards true open banking were made, since customers now have the possibility to access and share their financial data in a practical, safe and secure manner.
The easy answer to this question is a big no. Open banking is a concept that initiated a wave of significant changes in the banking industry, leading banks to freely provide access to customer banking data, as long as consent was guaranteed.
PSD2 is a piece of European Union (EU) legislation that regulates how open banking is implemented. With this set of regulations and standards, it makes sure that third-party providers offer secure and safe access to customer financial information.
Another good example of how these two are definitely not the same is the fact that open banking is expanding worldwide, while PSD2 is still an EU legislation that is not applicable outside Europe.
Other countries, such as Turkey, Saudi Arabia, Japan, India, Hong Kong and Australia, are also creating their open banking infrastructure. In the American continent, the growth of open banking has also been impressive, especially in countries like the United States, Canada and Brazil.
Outside Europe, where PSD2 legislation regulates how open banking works, there are usually two different approaches to this concept: market-driven and regulatory-driven.
Open banking APIs allow customer banking data to be accessible to third-party providers. Account information service providers (AISPs) and account servicing payment service providers (ASPSPs) take advantage of this data to offer a wider range of services to customers.
PSD2 regulations were responsible for forcing banks to develop their APIs to facilitate access to banking data, guaranteeing its security and privacy. Even though the name “open banking” might suggest that anyone can access this information, that is not true. Only licenced third-party providers can connect to bank APIs.
An API is a set of definitions and protocols for building and integrating application software. With APIs, developers can make their applications' data and features available to other developers. Besides being made available to external developers, APIs can also be very useful internally, facilitating the organisation and interaction between different parts of a piece of software.
APIs are extremely versatile, allowing developers to be only limited by their creativity. In regard to open banking, the use of APIs has revealed dozens of possibilities that until now were simply impossible to achieve.
With a growing number of use-cases for PSD2 open banking APIs, we have already explored over a dozen cases (you can find detailed information here):
By allowing third-party providers to access customers' financial data, banking institutions can benefit from faster innovation, increased revenue, detailed customer insights and personalised offers.
It’s easy to explain how this would be possible. By outsourcing the development of new technologies to fintechs, banks don’t have the need to create an in-house developer team or dedicate extra resources to create new offers.
Thanks to fintechs, financial institutions can essentially improve their customer service considerably with virtually no costs.
The development and exploration of open banking APIs bring great benefits to customers, since it allows account information service providers (AISPs) and account servicing payment service providers (ASPSPs) to evolve their service offerings in a more efficient and secure manner.
Since the use of APIs became the standard procedure for accessing financial data, customers can be assured that no information will be viewed without consent.
The use of APIs helps third-party providers to offer an increasing variety of services to help customers access and manage their finances.
One of the goals of applying PSD2 regulation to open banking was to improve the level of security and reliability of the payments market. With that in mind, one of the essential requirements was the implementation of strong customer authentication (SCA) in all European e-commerce transactions.
SCA's main challenge is to reduce payment fraud without disregarding customer experience. To ensure that customer experience is maintained at a high level, the introduction of complicated steps into the payment process was avoided.
The application of SCA to open banking is pretty clear and practical, relying on two-factor authentication (2FA) to ensure that the payment is made in the most secure way possible.
With this solution, customers need to provide two independent pieces of information to confirm their identity. These pieces of information can be organised in three categories:
Strong customer authentication is required by PSD2 in the majority of online payments in Europe, but there are a few scenarios where third-party providers can apply exemptions. You can find a more detailed description of the most common PSD2 SCA exemptions in our article dedicated to SCA, but here is the list: