It all began in 2007, with the Payment Service Providers Directive (PSD), which sought to create a single payment market in the European Union to promote innovation, competition and efficiency in the EU. But in 2013, the European Commission proposed an amendment (that’s where the 2 comes from in PSD2), which aimed to enhance these objectives. It seeks to level the playing field among countries and among payment service providers, putting consumers in a better position, as they will benefit from increased competition. It also hopes to normalize new payment methods like online and mobile payments. In fact, PSD2 will allow consumers and merchants to benefit fully from the EU market, especially in e-commerce. The Directive hopes to help develop the electronic payment market in the EU.
The changes will have multiple implications, many of which are still unknown, but financial institutions opening their payment services to other companies, the so-called Third-Party Payment Service Providers (TPPs) are causing the most commotion. This involves allowing third parties to access bank customer’s accounts and making payments on their behalf, after the account holder gives their consent.
Until now, the TPPs had a difficult time entering the payment market due to numerous barriers that prevented them from offering large scale solutions in different EU member states. By eliminating these barriers, greater competition is expected from new players joining new markets, players who will offer cheaper payment solutions to the growing number of consumers in Europe. Nevertheless, TPPs will have to abide by the same rules as traditional payment service providers: registration, authorization and supervision by competent authorities.
However, with PSD2, the consumer can simply authorize the business to make the payment on their behalf through their bank account. This means the bank and the business communicate directly using an API (Application Program Interface).
AIS and PIS providers
PSD2 leads financial institutions to develop two kinds of services: payment initiation services (PIS) and account information services (AIS). In both cases, customer consent is mandatory and clearly, their prior authentication of both the individuals and the companies. This will give two external service providers access to banks: payment initiation service providers (PISPs) and account initiations service providers (AISPs).
Therefore, financial institutions will have to implement APIs to share information with TPPs. The first will make it possible to make payments from any online platforms, while the second are those that are already commonly used, like financial data aggregators, in order to access customer data and offer them services with an added value. For example, there are services that collect and store information from a customer’s different bank accounts in a single place (account information services, or AIS). These services allow customers to have a global view of their financial status and easily analyze their spending patterns, expenses or financial needs.
Other third-party providers simplify the use of online banking to make payments online (the so-called payment initiation services, or PIS). They help to initiate a payment from the customer’s account to the merchant’s account by creating a “bridge” software between both accounts, filling in the necessary information to make the transfer (amount of the transaction, account number, message) and inform the business of the start of the transaction.
The European Banking Authority (EBA) must develop specific guidelines, technical standards that will not enter into force until September 2018, when the different countries must apply the directive and financial institutions must be prepared to abide by it.
Having in mind all this upcoming new regulation under PSD2, Lithuanian payment market participants expressed desire to formulate a common position on the API standard. For this reason, created API workgroup governed by Bank of Lithuania. This group deals with the new legal requirements, European API standardization initiatives, European Retail Payments Board (ERPB) recommendations, needs of Lithuanian payment service providers and users. By the end of 2017 the group is planning to prepare recommendations for secure APIs having in mind further payments market development.
API workgroup consists of 25 members - credit institutions, payment and e-money institutions, technical service providers, public institutions. We are proud to say that our company is among these members.