PSD2: Regulation, Strategy, and Innovation: PART III
PSD2 Strategic Challenges (Continued)
The survey showed that there were clear differences in responses elicited by the groups across the different markets. In the UK for example, it was identified that if the favourite brand of the respondents increased security and length of checkout process, then 43% would be frustrated but would still shop with them, whereas 23% said that they would actually shop with the brand less (GoCardless, 2019). Clearly, such a finding is significant in terms of PSD2 preparations, especially in terms of what needs to be completed from a technological perspective (i.e. frictionless checkout experience) combined with a pre-implementation customer PSD2 educational strategy.
There were higher levels of comfort in terms of the provision of security information during an online purchase identified, for example, 76% comfortable supplying agreed security information (e.g. passwords); 78% comfortable supplying device information (e.g. mobile phone); and 69% comfortable supplying biometric information (e.g. fingerprint) (GoCardless, 2019). However, it was also found that 44% of respondents had abandoned an online purchase because of complex security procedures at checkout and 40% of respondents said that they would feel suspicious if faced with a more complex checkout process (GoCardless, 2019). Interestingly, 63% of respondents said they would be likely to pay for online subscriptions using Direct Debit if it meant that they could avoid lengthy checkout processes (GoCardless, 2019).
There are three other key concerns related to PSD2 and Open Banking that have been identified. The first relates to consumer ethics, namely, the increased concern by experts that increased third-party access to accounts and data may create opportunities for TPPs to ‘intrusively profile customers’ (Dhami, 2018). This in turn may potentially lead to an increase in predatory lending, where TPPs target ‘vulnerable’ borrowers with highly segmented advertising in order to sell products and services (Dhami, 2018). The question, therefore, is whether there is sufficient oversight on this potential new imbalance between the new and highly significant power in the hands of lenders, and new segments of PSD2 borrowers?
Another area of concern is that of a potentially significant increase in cybercrime. As the PSD2 framework heavily relies on the opening up of pre-existing banking channels and customer accounts, applying new security controls and processes to legacy IT systems may in practice be highly complex and costly (Dhami, 2018). This problem is augmented in relation to smaller new PSD2 firms that may in actuality not be equipped with to effectively deal with the new and highly complex and onerous PSD2 requirements relating to managing fraud, human error, identity theft, and also the loss of customer data (Dhami, 2018). Finally, it has been noted that the new Open Banking frameworks:
“…my trigger an increase in social engineering attacks against customers who may be inexperienced using new technology platforms. Risks include phishing, malware, fraudulent apps, and physical theft or loss of endpoint devices that could provide access to third parties” (Dhami, 2018).
PSD2 Strategy and Innovation
The previously identified surveyed perceptions and views are now absolutely crucial for FinTech firms, RegTech firms, and TPPs to take on board and incorporate in their developmental strategies. However, in practice it has been seen that many FinTech firms, RegTech firms, and TPPs are solely concentrating on developing, refining, and implementing their technological solutions, to the exclusion of marketing strategies and developmental strategies. For example, a review by Deloitte (2018) identified that most Account Servicing Payment Service Providers (ASPSPs) that they had talked to across the EU believed that they were overall compliant with the PSD2 primary legislation requirements. It was noted that their focus had been on implementing regulatory requirements such as the European Banking Authority (EBA)’s guidance on Fraud Reporting, on finalising Application Programming Interfaces (APIs), and on implementing the requirements of the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common Secure Communication (CSC) (Deloitte, 2018).
In practice, it is submitted that this is a fatalistic approach in this new era of PSD2 regulation and technologies. Indeed, this is not simply market commentary, but in actuality market fact. For example, Storm-7 Consulting previously had enquiries from the payments firm ‘Iron Group’ in the UK, which wanted to have advice and training on PSD2 changes related to the subscription base model. Notwithstanding discussions on this area, Iron Group did not proceed with the training. Later that year Ironggroup, the digital agency expert in the subscription industry, ceased its activities in October 2017, highlighting the challenges in successfully navigating the new PSD2 strategic landscape. According to Dhami (2018):
“Open banking will generate increased competition between established providers and innovative new entrants aiming to make existing products more flexible, bespoke and convenient. These entities include the likes of Amazon, Apple, Google and Facebook, who have agility in their investment capabilities as well as an advanced technological architecture to utilize their customer data insights at scale.”
Koić (2019) is in accordance with such a viewpoint, and acknowledges that APIs allow firms to dip into customer data held by banks in order to create their own complimentary or alternative financial applications, meaning that tech leaders such as Google, Amazon, Facebook and Apple will be able to compete on the banks’ home territory. Koić (2019) notes that:
“Customers have come to expect that their banks will offer the same ease of use they get from the big four digital FANG companies – Facebook, Amazon, Netflix and Google. Customer-centricity is in vogue and the race is on for banks to deliver digital satisfaction.”
Although, this in theory may to a certain extent be true, it has been seen that this does not convey the full picture. Indeed, as has been noted previously, pre-existing customer sentiment and attitudes are a crucial part of the PSD2 strategic formula that PSD2 firms must develop, including the big digital FANG companies which many customers already have low feelings of trust in. Notwithstanding such large existing user bases, technology companies will only become fierce competition if they manage to find a formula to leverage their pre-existing customer base in a way that will ensure customer buy-in and trust across-the-board. And that is not an easy proposition to do in this new era of hidden PSD2 consumer sentiment and trust.
[TO BE CONTINUED]
Deloitte (2018). Baby steps, but no giant leap: PSD2 at six months old. Deloitte LLP.
Dhami, I. (2018). Open Banking and PSD2: Disruption or Confusion? (31stJanuary), Security Intelligence, [Online], Available at: https://securityintelligence.com/open-banking-and-psd2-disruption-confusion/.
Dunlop, A. (n.d.). Open Banking and PSD2: A confused roadmap to innovation. PaysafeGroup.
FICO (2018). Risk & Compliance. (5thJune), [Online], Available at: https://www.fico.com/en/newsroom/swedes-confused-about-psd2-changes-to-payments.
FICO (2019). FICO Survey: UK Consumers Could Thwart Strong Customer Authentication. (31stJanuary), [Online], Available at: https://www.fico.com/en/newsroom/fico-survey-uk-consumers-could-thwart-strong-customer-authentication.
Finextra (2019a). 41% of banks missed PSD2 deadline says survey. (21stMarch), [Online], Available at: https://www.finextra.com/newsarticle/33569/41-of-banks-missed-psd2-deadline-says-survey.
Finextra (2019b). Sweden's Tink aims for pan-European coverage with €56 million in funding. (7thFebruary), [Online], Available at: https://www.finextra.com/newsarticle/33334/swedens-tink-aims-for-pan-european-coverage-with-56-million-in-funding/retail.
GoCardless (2019). Security vs. convenience in the payment experience. What matters most to online shoppers.
Koić, M (2019). Breaking the bank: how financial institutions can embrace disruption. (5thMarch), The New Economy, [Online], Available at: https://www.theneweconomy.com/strategy/breaking-the-bank-how-financial-institutions-can-embrace-disruption
Tink (2019). What a missed PSD2 deadline says about the challenge of implementation. (21stMarch), [Online], Available at: https://tink.com/blog/2019/3/20/psd2-sandbox-status.
Touchtech Payments (2019). European citizens and banks still unclear over PSD2 provisions. (8thFebruary), [Online], Available at: https://medium.com/@touchtech/european-citizens-and-banks-still-unclear-over-psd2-provisions-f62daeb4220a.
Virdi, T. (2016). PSD2: One of the biggest disruptions in banking for decades. (26thJanuary), Global Banking & Finance Review, [Online], Available at: https://www.globalbankingandfinance.com/psd2-one-of-the-biggest-disruptions-in-banking-for-decades/.