PSD2 for more convenient and simpler access to banking and payment services
Author: Andrija Jovović, Director of the Payment System Department of the CBCG
The EU Directive on payment systems - Payment services directive (PSD2), is a revised directive on payment services whose main goal is to encourage innovation and support increased competition and transparency in the field of payment services. This directive was implemented in Montenegrin legislation through the Law on Amendments to the Law on Payment Transactions, which was adopted by the Parliament of Montenegro on September 29, 2022.
Until 2015, when the first directive in this area, PSD1, was implemented in Montenegro and preconditions were created for the further development of payment transactions in accordance with modern payment transaction standards in the European Union and the world, the first association on the subject of payment services were banks, as age-old holders of this type of work.
After the implementation of PSD1, other payment service providers are starting to be licensed. The first payment institutions, as well as institutions for electronic money, have appeared on the market. Regardless of the new payment service providers, banks traditionally remain the primary payment service providers. They are generally behind most payment services, whether clients access their accounts through electronic channels via internet banking, mobile banking or using ATMs.
Through PSD2 and the open banking that it brings, there are opportunities for that situation to change very quickly and for new service providers from the FinTech, IT industry and others to enter the market. There is no doubt that in the future, new actors will play a significant role in the field of providing banking and payment services, and that it is they who will begin to change the usual operations of banks in our country as well.
What PSD2 brings us
In addition to establishing greater security requirements and improving the protection of users of payment services, PSD2 brings and regulates two new payment services, namely:
- Payment account information services, and
- Payment initiation services.
The Account Information Service (AIS) will enable the user to obtain aggregated, or consolidated, information about one or more payment accounts maintained at one or more banks and accessed via the Internet.
The user of payment services is thereby enabled to have an overview of the financial status of all his payment accounts at any time. All account information will be available to other companies (Account Information Service Providers - AISP) that will offer this service, but only with the user’s consent. Those companies will have to be licensed and supervised by the CBCG, and the technology through which data will be exchanged must meet special security requirements.
Payment Initiation Service Providers (PISP) provide reliable information that the payment has been initiated. In this way, merchants are informed that the payment process has started and that they can deliver the goods or services even though the money is not yet in their account. Such services offer merchants and consumers low-cost solutions and provide consumers with the ability to shop online, even if they do not have payment cards.
A very important novelty introduced by the implementation of PSD2 is strict security requirements for the initiation and processing of electronic payment transactions. Payment service providers must apply the so-called “strong customer authentication” (SCA – Strong Customer Authentication), when the payer initiates an electronic payment transaction, in order to better protect their financial data and reduce the risk of fraud. Therefore, banks and other payment service providers will be obliged to establish the necessary infrastructure for stronger customer authentication. In addition to higher security requirements, payment service providers are also given the obligation to manage operational and security risks related to payment services, as well as the obligation to report operational and security incidents.
Therefore, banks will have to adapt and “open up”. Until now, access to data on users and their accounts was exclusively owned by banks. By implementing PSD2, banks will have to “open” their application programming interfaces to new payment service providers, who will only be able to obtain information about the user’s account, initiate payments and issue confirmations of funds through that channel. At the same time, the security of the provision of these services is strictly regulated so that the user’s data or funds are not endangered.
The goal is, of course, that the greatest benefits of the implementation of PSD2 go to the end users, in the form of more convenient and simpler access to banking and payment services.
If the data that will be exchanged will be used in the right way, if they satisfy the real needs of the users, a great opportunity opens up for the provision of completely new services based on extracted data and collected information.
If the strategic decision of the banks is to see the demands of open banking as an opportunity to enter into a synergistic partnership with new participants in the market, to realise numerous business opportunities, it is inevitable that all participants in this process will receive benefits, both the providers and the users of banking and payment services.