The term PSD2 solutions denotes APIs and other technological tools that are used by banks and financial organizations and work in compliance with the Second Payment Services Directive. The major areas of focus are verification, onboarding, payment initiation, and other related financial services, interlinking third-party service providers, users, and banks.
Nordigen is one of the leading developers, creating PSD2 solutions for a wide spectrum of businesses and developers all over Europe. The goal of most developers who are creating these solutions is both to give financial service providers the technology to offer more to their clients and to allow the clients more freedom of choice. Open banking and PSD2 solutions can work together to create more accessible and more harmonious banking and fintech sectors.
Aimed at modernizing the digital payment service market, PSD2 is surely moving the EEA forward and integrating the region’s economy into the digital age. PSD2 offers much-improved data protection alongside advanced payment processing. The legislators are focused on creating an economic and business environment for developers to thrive in whilst the users can be calm about the security and integrity of their data, always being aware of how everything is used. The PSD2 ensures that data shared for open banking purposes can only be shared when consent by the user is expressed directly.
PSD2 solution providers can provide many kinds of different services. Some of them focus on a single issue whilst others seek to develop a broad spectrum of tools, solving everything from A to Z that might be possible, once open banking is implemented.
Nordigen offers freemium solutions that include account information, transaction categorization as well as insights.
Providers have to be fully licensed and accredited by the corresponding legislators. Every country has a local institution that oversees the implementation, creation, and overall use of PSD2 solutions ensuring that only transparent and legit service providers and creators can develop and commercially benefit from PSD2 solutions. The list of authorized firms and individuals is usually published on the website of the governing body. Clients, as well as organizations, can always refer to this list to be totally sure that the organization that they are doing business with, is fully and wholly accredited.
Statistics show us that the United Kingdom and the European Union are the world’s premier hubs of open banking developments. This means that you will find most creators of PSD2 solutions either in the United Kingdom or the European Union. Nordic countries, the Baltic States, France, and Germany are leading the charge when it comes to developing new, cutting-edge solutions in this sphere.
The acronym SCA stands for Strong Customer Authentication. It’s an acronym that mostly came to life after the implementation of PSD2. It’s a set of requirements and regulations that outline how a customer can be identified. That identification is a mandatory requirement in order to provide certain financial services.
Hence, PSD2 SCA solutions are also super-important in the realm of open banking and in the context of PSD2 regulations. Strong Customer Authentication focuses on an added layer of security and eliminating the risk of fraud in the financial sector. Strong Customer Authentication is focused on three essential authentication factors, two of which must be verified in order for the whole authentication to be considered strong.
So, if you want to verify your identity, you have to meet two out of three criteria during the authentication process. These three criteria are inherence, knowledge, and possession.
· Inherence – personal and very unique characteristics of an individual. The inherence factor is mostly relevant to biometric data which, as of now, is either your fingerprints or facial identification.
· Knowledge – information and data, known only by the specific person. This is a PIN code, a password, etc.
· Possession – something that is in your possession, usually a device (smartphone).
In order to proceed with payment initiation or any kind of serious financial transaction under PSD2, financial service providers and TPPs (Third Party Providers) must be sure that the person expressing consent is indeed the same person. Under current regulation, they can only be sure if they have authentication via 2 out of 3 factors. So the user should, for example, enter their PIN on a phone that they own, or scan their fingerprint on their own device, to confirm the payment initiation.
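The two-out-of-three rule described above, as an added example that is not part of the original article or Nordigen's code. The element names, the Evidence type and the function names are assumptions made for illustration; the point it shows is that two elements from the same category (a PIN plus a password) still count as one factor.

```python
from dataclasses import dataclass
from enum import Enum


class Factor(Enum):
    INHERENCE = "inherence"    # biometrics: fingerprint, facial identification
    KNOWLEDGE = "knowledge"    # PIN code, password
    POSSESSION = "possession"  # a device the user owns, e.g. a smartphone


# Hypothetical element names, each mapped to the category it belongs to.
ELEMENT_FACTOR = {
    "fingerprint": Factor.INHERENCE,
    "face": Factor.INHERENCE,
    "pin": Factor.KNOWLEDGE,
    "password": Factor.KNOWLEDGE,
    "registered_device": Factor.POSSESSION,
}


@dataclass(frozen=True)
class Evidence:
    element: str    # key of ELEMENT_FACTOR
    verified: bool  # True only if the check for this element succeeded


def verified_factors(evidence):
    """Return the set of distinct factor categories that were verified."""
    factors = set()
    for item in evidence:
        factor = ELEMENT_FACTOR.get(item.element)
        if factor is None:
            # Fail closed: an element we cannot classify is never counted.
            raise ValueError(f"unknown authentication element: {item.element!r}")
        if item.verified:
            factors.add(factor)
    return factors


def is_strong(evidence):
    """Strong only if at least two of the three categories were verified.
    Several elements from one category count once."""
    return len(verified_factors(evidence)) >= 2
```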
PSD2 solution providers focus on making SCA authentication quicker and simpler via a wide variety of tools and technologies. This form of authentication is not only beneficial to the users, but it can also be labelled as almost vital in order to prevent fraud. In the past, physical transactions were considered to be more secure than buying something online. With the implementation of SCA, that is now a thing of the past, with both online and physical transactions by card being equally secure (some say that after PSD2 came to life, online transactions became even safer).
Out in the real world, strong customer authentication makes purchasing processes a bit longer than before with the need to authenticate your identity. However, statistics show that this hasn’t impacted customer experience negatively and most of them understand the added benefit of an extra layer of security.
With the integration of modern-day technology and being able to authenticate your identity quickly, users are getting used to SCA solutions and they are becoming more and more necessary. Developers and fintech solution providers can’t think about moving forward without implementing PSD2 SCA solutions.
The term ‘fallback’ is defined as an alternative plan, used in case of an emergency. So, a PSD2 fallback solution is just that – a safety measure in case the systems aren’t able to function properly.
A fallback solution is developed to function when the dedicated API is down. It minimizes the risk of unsuccessful transactions and ensures partial functionality during downtime. Fallback solutions are usually enforced only when the API is not functioning according to plan.
According to PSD2, banks are able to establish solutions and interfaces that are exempt from the obligations set out for ASPSPs (Account Servicing Payment Service Providers). There are strict requirements, however, with regard to key performance indicators (KPIs), making the statistics available, stress testing, prioritizing the underlying system, and solving any issues with the dedicated interface without undue delays.
There are three tiers of fallback solutions. Tier 3 solutions focus on outsourcing the entirety of the verification and identification process. An access token, requested by the TPP, will be transferred over to the ASPSP and passed through the gateway. For Tier 3 solutions, the ASPSP is provided with the same token on the fallback interface. At the same time, it will provide the access token to ensure validity and identify users.
Tier 2 fallback solutions are different in the sense that eIDAS is utilized and the Account Servicing Payment Service Provider plays the most important role. This means that the ASPSP only needs to check the validity of the eIDAS certificate. ASPSPs will terminate the SSL connection and ensure the validity of the eIDAS certificate. Finally, once the validity is proven, the certificate is received and the TPP information is also transferred.
And finally, there are Tier 1 PSD2 fallback solutions. When Tier 1 solutions are implemented, most of the control is in the hands of the Account Servicing Payment Service Provider. In this scenario, the TPP connects the eIDAS certificate with the secondary interface of the ASPSP. The latter then accesses the directory of the TPP and gathers the necessary information. In this scenario, the ASPSP will have to terminate the SSL connection, validate eIDAS, gather the necessary information about the identification from the TPP and retrieve it from the directory.
So, the directives and legislation of PSD2 make it clear that service providers need a fallback solution.
A fallback interface or contingency mechanism is often labeled as a PSD2 modified customer interface. In the PSD2, the TPP identification is used alongside the MCI by the TPPs to gain access to the interface of the customer. With that being said, it should be authenticated and authorized by the electronic identification, authentication, and trust service or the NCA. Protecting the data of users is always priority No.1!