The September 14th PSD2 deadline- are the banks ready?
It is publicly known that the last and final implementation of the PSD2 — the Strong Customer Authentication (SCA) is 14th September 2019. The clock has started ticking, and the Revised Payment Service Directive main requirements are the two-factor authentication (2FA) process. The 2FA is going to secure e-payments in the entire European Region.
Increase in fraud has become a severe concern to the financial institutions and banks across the world. With the enhancement in technology, cyber-crime has subsequently increased, leading to more and more sophisticated ways to inject fraudulent data, make false transactions and payments, and money laundering. Security is 24*7 at risk, and the leaders are struggling to safeguard data and reduce the number of cyber-attacks.
According to a report generated by McKinsey, CEO fraud has risen to 270% and has led to financial losses of more than $2.3 billion in the last couple of years.
Let’s understand it with an example, you (CFO of the company) receive an email from your CEO’s verified email asking to send details including the account numbers of an XYZ supplier. You like a responsible CFO send in all the details. You realize more sooner than later that you were conned. The cyber-criminal uses multiple tools in a short time, making it at times impossible to trace back that fraud.
With two-factor authentication, passwords will be replaced with bio-metrics, and this is said to be the real competitive differentiator from any of the old security methods. Remembering several passwords with may be PIN coders was challenging in the past. However, with multiple bio-metrics available on a smartphone itself or a tablet, it is much easier for the banks to offer smart authentication, much faster and far more quickly.
PSD2 is opening up arena for startups & fintechs to create APIs to connect with the existing infrastructure of banks. Understand the revised Payment Service Directive and Open Banking in detail with an ebook and how it is helping fintechs companies to grow in the European Region.
Payment Services Directive (PSD2) compliance date of March 2019
According to Business Insider Intelligence, 41% of the Europeans banks failed to meet the PSD2 deadline in the month of March. The banks were supposed to provide a testing environment to the third-party providers. Banks not complying with the regulations means:
·They need to play catch-up. Moreover, these 41% banks would be creating a testing environment at a time where they need to implement strong customer authentication. Missing that one deadline in the past may lead the banks to miss the September 14th deadline for SCA.
· TPPs would not be able to test the open application programming interfaces that were enabling them to access banks data. This September 14th, TPPs are lining up to use to the open APIs from the banks and with banks not meeting these deadlines, TPPs won’t be able to connect with the APIs leading to potential disruption.
Payment Services Directive (PSD2) compliance date of September 2019
The European Union Commission (ECU) has been looking forward to making electronic payments more secure and simple across borders as well as within the countries itself. Following the aforementioned lines, a revised Payment Service Directive (EU Directive 2015/2366 aka PSD2) came into effect in the year 2018. The objectives of the PSD2 are mentioned below:
· a more unified and well-organized European payments market.
· enhance the market for payment service providers.
· make payments safer and more secure.
· safeguard consumers.
PSD2 though covers a lot of aspects around the e-payment market, and it also improves the privacy and online security facet that are needed to be implemented by the banks. Slated to come into effect in September 2019, PSD2 Regulatory Technical Standards (RTS) established by the European Banking Authority (EBA) include the following requirements:
· Strong Customer Authentication (SCA) to secure electronic transactions.
· safe communications by payment service providers.
Here’s what the banks can do to meet the September 14th deadline for PSD2:
· Collaborate with fintechs, which specializes in establishing the SCA. A lot many Fintech working in the EU are now concentrating on helping the banks navigate the new regulation. Avaloq, a Switzerland based fintech earlier announced that they have signed up with 12 financial institutions to help them meet the PSD2 deadline. To avoid any further delays, and neutralize the risk of being non-complaint with future deadlines, banks should work with the likes of Avaloq.
· Work along with the regulators for a better understanding of what is expected. European Banking Authority keeps on publishing clarifications on the PSD2, and banks need to be wise enough to read these clarifications more closely. There are workgroups also trying to help in smoother adoption of the directive, and banks can raise their concerns in front of the regulators here.
We do understand that PSD2 is a massive regulation for the banks to adopt. However, banks need to start shifting gears quickly as the early adopters of the regulation can attract more and more TPPs. These TPPs will help the banks to build value added services for the customers and thereby generating more revenue for them.