Much has been written about Payment Services Directive 2 (PSD2) and its potential to herald a new era of open banking where banks no longer have a monopoly on payment services. Instead, they will be forced to provide full access to customer accounts to third parties looking to provide financial services of their own, on top of banks’ existing data and infrastructure.
All of this could prove to be true, just not on January 13th 2018, the deadline for national governments to transpose PSD2 into law. This is because there is still so much to be decided and clarified. The European Banking Authority’s long-awaited regulatory technical standards (RTS) on strong customer authentication (SCA) were issued in March 2017 but missing some of the finer details, such as the methods to remotely access customer data and account information and the measures around the use of application programming interfaces (APIs) and screen-scraping.
The major banks tell us that these final details will not be issued until the end of this year, giving them no time to interpret them into anything actionable by January 2018. Furthermore, while the RTS underpins much of how PSD2 operates, it is subject to a different timeline to the Directive and will only come into force after January 13th 2018.
A survey conducted in June and July by Finextra in association with CA Technologies exposed the lack of readiness. Only 5% said they had completed their preparations for PSD2.
Only just over half (58%) expected to be PSD2 compliant by the January 2018 deadline while 31% were still in the phase of assessing what they need to do for PSD2.
The question is what happens during this ‘fuzzy period between January 2018 and mid-2019. Download this new paper to find out more.