Many will miss next PSD2 deadline, even as pioneers forge ahead

A huge portion of European companies will not clear PSD2's regulatory hurdles for digital connections between banks and payment apps, but that hasn't slowed down some companies that see value in open banking and payments.

There are some major projects underway to address PSD2 migration, and other elements of what’s referred to as open banking, with a series of major releases in the past two weeks. But even with this progress, there’s still a dramatic shortcoming that will compound costs and risks going forward — leading to a migration that will take years and cost billions.

One major PSD2 deadline has already passed with poor compliance. Nearly two-thirds of European banks missed a March deadline to have an operational testing sandbox, according to the open banking platform provider Tink, and the upcoming Sept. 14 deadline for strong customer authentication (SCA) doesn’t look much better.

Stripe and 451 Research estimate Europe may lose about $75 billion in the first year after SCA takes effect in September. SCA requires businesses to use two-factor authentication for digital payments that European acquiring banks process. There is concern that smaller merchants aren't aware of SCA, nor do they understand how it works.

Nearly two thirds of businesses with fewer than 100 employees are unfamiliar with SCA, don’t plan on being compliant before September or are unsure of when they will be ready. The report shows a “troubling” lack of appreciation for how SCA will transform how European consumers will buy online, according to 451 Research.

Rabobank worked for the past six months with about 750 developers in a sandbox test environment using trial payments and transaction data. During the next few months it will be opening services to payment companies and other fintechs that have PSD2 licenses, and will also try to sell these companies on jointly developing mobile apps.

“We have a cooperative view on fintech. Working with all partners in the ecosystem to ensure the best results for our clients,” said Alexander Zwart, tribe lead digital platform at Rabobank, in an email.

Rabobank is the exception, not the rule.

“The deadline is looming, yet many merchants and quite a few issuers are not yet ready, potentially resulting in a significant economic disruption,” said Zil Bareisis, a senior analyst at Celent. “As for the rest of ‘open banking,’ compliance aside, there is a growing sense of frustration that it hasn’t delivered on the promise so far. For the average consumer, little has changed yet.”

There has already been substantial investment among banks and non-banks, including separate initiatives from Mastercard and PayPal. Mastercard in the past week has released a tool to connect different types of bank APIs to merchants, hoping to take advantage of its network of banks and retailers. And PayPal is approaching small businesses via an investment in Tink.

On the bank side, Rabobank just provided a public update on its project to ease connections between external payment companies and the bank’s own payment and transaction processing.

The bank launched a second PSD2 API for account information about a week ago, and is an early adopter in the Netherlands to open up its APIs for PSD2 as of March 27th. “We take these steps because it fits our way of doing business perfectly and it leads to new collaborations,” Zwart said.

Moving forward, Rabobank will integrate account information from other banks in the Netherlands in its app. “We are now waiting for other Dutch banks to open up their APIs, so we can connect to their platforms,” Zwart said.

Rabobank is additionally working on PSD2 related ventures such as PEAKS, Tellow and PayConiq, which Zwart said add further open banking and payments integrations.

Other banks, such as HSBC and Lloyds, have opened access to bank accounts at other institutions. Among fintechs, Stripe has acquired Touchtech to boost SCA in Europe and other markets.

Improved authentication, open banking and digital ID are also driving the wave of payment processor mergers over the past few months, as companies seek to use larger scale to defray the cost of bank and merchant upgrades.

Over the next year, the largest challenge may be authentication improvements. Interoperable digital ID and strong authentication require standards and interoperability, and both are in short supply. A mandate that covers only Europe, is behind schedule and is unknown to millions of merchants won't make the path to digital ID much easier.

“One aspect banks and retailers are struggling with in particular is SCA. It is designed to make the experience as safe as possible, yet early indicators suggest that the experience may be worse than they currently have,” said Gareth Lodge, a senior analyst at Celent. “The guidance from the regulator is still coming through, despite the deadline being only months away. That’s perhaps an indication of just how tricky this is to implement.

Even compared to the European struggles, the U.S. migration to open banking may be more complicated, and will at least be much different. The U.S. migration thus far is market-driven without a government mandate, creating potential interoperability problems but also opportunities for early adopters.

In an earlier interview, Jim Wadsworth, a senior vice president at Mastercard, said the card brand’s new open banking toolkit will focus more on Europe initially given the lack of standards in the U.S. and the variety of standards in Europe to occupy focus in the short term.

As there is no similar mandate in the U.S., banks can explore APIs associated with other solutions, such as implementing APIs that enable large customers to integrate to the bank’s commercial services, said Tim Sloane, vice president of payments innovation at Mercator.

“The lack of a mandate enables innovative banks in the U.S. to look for API implementations that directly align with the bank’s business plan,” Sloane said, adding it’s unclear which approach is better.

For reprint and licensing requests for this article, click here.