PSD2 headaches are only beginning
If they haven't already, card-issuing banks will soon receive a shock when the speed of PSD2's requirements becomes clear. Payments will have to happen faster, and the deadline to make that happen is fast approaching.
"Depending on the region, there is a very small window to get the payment to reach its endpoint and come back for confirmation," said Rajesh Venkatraman, director of worldwide payments for IBM.
IBM has worked on several faster payment projects, or projects that rely on faster processing to enable digital transfers, and is bracing for a slew of updates tied to the growth of open banking driven by PSD2, the U.K.'s Payment Services Directive, which took effect last month. This data-sharing enables banks and third-party developers to drive financial apps such as P-to-P, mobile wallets and other innovations that require near real-time movement of information.
Banks in Europe have needed to be compliant with PSD2 since January 13, said Ron Van Wezel, a senior analyst at Aite Group. But the regulatory technical standards for access to the payment account will apply from September 2019, which is where the big technology projects come into play.
"I see a world of two speeds, in how banks will comply," Van Wezel said. "Many smaller banks will make sure they comply, by providing APIs to third party PSPs for reporting and payment initiation, but not more. There will also be a group of banks, however, that position open banking as strategic to the business on a European or even global basis … the latter group requires a digital transformation approach that will, over time, replace some of the core platforms."
IBM has already done some faster payment projects at banks. For example, IBM recently partnered with the banks behind the Zelle P-to-P network to provide IBM Financial Transaction Manager to support payments from the back office of the financial institution to the mobile devices that initiate the payments.
The company's goal in these projects is to adhere to what Venkatraman calls the Dutch standard, which means the payment has to be fully executed inside five seconds.
"That means when the bank receives the payment, they only have the remaining portion of that five seconds to do everything they need to do to complete the transaction," Venkatraman said.
The Zelle deployment has been successful thus far, according to Venkatraman. Along with other factors such as marketing, Zelle is growing quickly, and its system is powering new financial services at institutions such as BNY Mellon.
The next challenge for banks, particularly as PSD2 matures, is to ensure data can safely move quickly between parties at all times. There's no space for batch processing or updates in this environment, Venkatraman said.
"Immediate payments isn't a small item," Venkatraman said. "You have to have the skills to retrofit the bank to do all of this work, and many of the smaller banks and credit unions are struggling to see the ROI behind the investment."
Recent research from the Bank of England suggests most banks with business in Europe aren't ready for PSD2. The loss of some revenue, and the requirement that banks connect with third parties through APIs and other means, will require technology upgrades that are now overdue.
"PSD2 is mandatory. The pressure will be dependent on what capabilities they have internally, and how aspirational they are," said Gareth Lodge, a senior analyst in Celent's banking group.
Many banks are taking just the usual “compliance and compliance only” approach, Lodge said. The challenge for most of the banks, as usual, is the state of the internal IT architecture, and how easily that can be API enabled.
Lloyds Banking Group just invested more than $3 billion in PSD2-related IT, though there have not been a lot of major PSD2-related projects thus far.
What's happening thus far is just the starting point, and banks that fail to realize this will have a lot of catching up to do, Lodge said.
"Some are ready, like Nordea, but others seem to have barely started it," Lodge said. "It’s further complicated not just by the authentication aspects, but also the implications of [European data protection regulation] GDPR. 'Better late than fined' may become a phrase we hear often. Other banks are doing far more interesting things and realize that this is both a threat and huge opportunity."
IBM is working with some banks on PSD2 compliance, and with issuers in other markets that face similar open banking regulations.
"Some came kicking and screaming to the party, but others have been thinking about this and do have a plan," Venkatraman said, adding that the banks that get a large amount of income directly from payments and merchant acquiring are seeing the light earlier.