PSD2 Newly regulated services

One of PSD2’s most contested provisions during the negotiation process related to “third party payment service providers”, later redefined as (i) Payment Initiation Service Providers (PISPs) and (ii) Account Information Service Providers (AISPs).

These are not new services, but they will now be subject to regulation for the first time, and through regulation could achieve the stability to enable a new wave of innovation based on the additional functionality.

PISPs include providers such as Sofort and Trustly, and also bank-led initiatives such as the Dutch iDEAL. They essentially enable a user to initiate a payment transaction from their own bank account, to the bank account of the merchant, over existing banking networks. PISPs add value by facilitating the payment from the merchant’s checkout, populating the payment instruction page with transaction and payee data.

AISPs on the other hand include Yodlee as well as Intuit’s Mint; both offer services that enable users to aggregate data from different financial services providers using . This is done by logging into a user’s account and “scraping” the relevant data, and doing so again for the various financial products: bank accounts, loan accounts, credit cards etc. The user is then able to review their financial information at a single location; and more significantly, may be offered tools to analyse the data, compare prices, make suggestions on service providers and perhaps be offered additional products – all tailored to the user’s specific needs.

During the negotiation process, banks proposed that PISPs and AISPs enter into legal contracts with “account servicing payment service providers” (ASPSPs)- such as banks, before they could access users’ accounts. This might have also created a framework for cost sharing or for fees to be applied. This was rejected by legislators who feared it would act as a barrier to take-up, and set out provisions for unencumbered access wherever there was an online banking interface. Similarly, legislators provided that ASPSPs could not prohibit customers from using their ASPSP account authentication credentials with third party service providers.

PSD2 has also tasked the EBA with developing regulatory technical standards on “secure open standards of communication” between the various parties. This falls short of mandating an API, and was welcomed by PISPs who feared that the development of more detailed specifications could be used as a proxy for limiting bank account and information access.

There are benefits for customers generally, but also for payment service providers looking to offer new payment products. The first is in lowering the cost of funding for these products. E-money issuers for example have an acquiring cost associated with enabling consumers to purchase e-money and funding their accounts or prepaid cards. Direct bank transfers would lessen dependence on debit and credit card funding, lowering the cost of acquiring, and in turn enabling more competitive consumer and merchant fees.

Secondly, and as trailed within PSD2 text, the Commission foresees the migration of these services to the physical world. PISPs could issue “debit cards” linked to users’ own bank accounts, triggering payments over the banking network, and bypassing card schemes. This could save on interchange and other card related fees, but will of course be subject to the PISPs’ own fees.

AISP services have a distinct appeal. They have the potential of concentrating value and creating a single reference point for users. Aggregating user data, mining this information, providing users with tools to better understand their finances, and presenting money saving choices and offers, perhaps in a PSP agnostic environment, have the potential to build consumer trust and to provide a gateway to financial services.

The article “PSD2 Newly regulated services” was written by Dr Thaer Sabri, EMA CEO