In less than a year the revised Payment Services Directive (PSD2) will be implemented in European Union (EU) Member States, and the acronym ‘API’ is on the minds of Payment Service Provider (PSP) professionals.
Application Programming Interfaces (APIs) are considered key to the implementation of PSD2, the main goal of which is to create a more uniform, transparent and open EU payment market that keeps innovation, competition and security to the fore – according to an article which first appeared in the EPC Newsletter..
As all PSPs prepare for the implementation of PSD2, how can interoperability between APIs be achieved to optimise investment costs for all stakeholders (PSPs, e-merchants, Third party Payment Providers or TPPs), and ensure a smooth implementation of PSD2?
Opportunities raised by PSD2
To understand why APIs are such a hot topic in the payment industry, we need to briefly assess the new framework that PSD2 will create. PSD2 will increase payment innovation and competition partly by enabling individuals and businesses to give TPPs access to their payment accounts. These players will facilitate internet and mobile payments by accessing the customer’s payment account (with their prior consent) and initiating credit transfers in their name to complete an online purchase. TPPs may also propose other services, such as aggregating information from all of the customer’s payment accounts in one place to help them better manage their finances.
PSD2 has many benefits including the regulation of TPPs’ access to customers’ payment accounts – a feature that lies beyond the scope of the first Payment Services Directive (PSD). PSD2 will therefore unify the rules for TPPs in Europe, and in doing so, will increase the security of customer data and payments, and give TPPs a broader European reach. It means increased innovation, competition and security that should ultimately benefit the customer.
E-retailers, just like any other corporate organisation, can also take advantage of PSD2: using an API from their Account Information Service Provider (AISP) will make it easier for them to reconcile payments. E-retailers can more directly benefit from PSD2 as it will facilitate an additional payment method.
But what about PSPs, which will experience the most significant impact from PSD2? PSD2 could not only be seen as a challenge requiring significant IT investments, but also a requirement that might transfer an element of customer relationships from PSPs to TPPs. However, PSD2 should be seen as an opportunity for PSPs to propose new, convenient, and digital-oriented services to their customers. For example, PSPs can themselves become AISPs, access their customers’ other payment account information and aggregate it in order to propose innovative solutions that give customers an overview of their finances.
What are APIs?
APIs enable information exchanges between two programs without requiring developers on both sides to share their complete software code. Technically speaking, they are sets of protocols that define how one application interacts with another. They can be viewed as messengers taking a request and returning the response. Very common examples of APIs include the ‘share buttons’ of major social media sites, which are found on practically all content pages on the web.
With PSD2, PSPs can develop an API that gives TPPs access to their customers’ payment accounts (with the customer’s consent). This type of API will be transparent for the customer. When they make an online payment, they will be asked to choose their method: in addition to the existing payment options, customers will have the possibility to pay directly from their payment account via a TPP.
How to achieve API standardisation?
The standardisation of APIs is essential to the smooth implementation of PSD2. All stakeholders have an interest in API standardisation. PSPs will benefit from the use of an open standard as it will lower their IT investment costs for PSD2. TPPs will also save money if they can use interoperable APIs, with e-retailers benefiting from more choice as well as greater reach and efficiency.
Several European initiatives are developing ‘open banking APIs’ that will be open to any PSP. They do not require massive investment costs but do maximise standardisation.
One of the most advanced of these initiatives is ‘UK Open Banking’. Part of it is specifically dedicated to APIs. Following an Order from the UK Competition and Market Authority (CMA), the nine largest UK banks were tasked to “adopt and maintain common API standards through which they will share data with other providers and third parties.”* By January 2018 an ‘Implementation Entity’ will deliver several API standards (one for each scenario: payment, aggregation, etc.) for use by PSPs on the British market.
And what about API standardisation in a broader European context? The Euro Retail Payments Board (ERPB) recently set up a working group on Payment Initiation Services (PIS) co-chaired by the EPC and Ecommerce Europe. It will define a common set of technical, operational and business requirements for the development of an integrated market for PIS while considering possible implications and synergies for other new services regulated by PSD2 (i.e. account information services and confirmation of availability of funds). As it seeks to maximise the interoperability of APIs throughout Europe, this working group will most likely take into account the set of API standards being created in the UK.
Customer education is central to acceptance of PSD2
One step is crucial to ensuring the smooth implementation of PSD2: educating customers. The public is increasingly wary of how commercial organisations use their data. PSD2 was created with customers’ security at its core, and clearly defines what use can be made of their data. The payment industry will, however, need to provide comprehensive information that allows customers to know and understand precisely what PSD2 entails when they give TPPs their consent to access their payment accounts on their behalf.
This article was written for and published in the EPC Newsletter – March 2017.