The banking industry is bracing itself for a seismic shift. The catalyst driving this is PSD2 – the revised Payment Services Directive, which comes into effect across the EU in January.
The banking industry is bracing itself for a seismic shift. It will signal the arrival of a new era, where there will be no option for banks but to open their doors to admit third party payment (TPP) processors. The catalyst driving this is PSD2 – the revised Payment Services Directive, which comes into effect across the EU in January. The aim is to drive increased competition and improve the customer experience by creating a single market for payments.
What are the implications for financial institutions?
Financial institutions affected by the new regulations face several challenges:
- To build agility into their core systems, to support the open APIs (Application Programming Interfaces) mandated by PSD2
- To comply with PSD2, which will demand a higher level of innovation at the consumer-facing end of their businesses in order to retain customer loyalty
- To shore up their security defences even further as PSD2 raises the prospect of their operations being exposed to increased risk and possibly fraud
Naturally, banks are concerned by the many unknowns around PSD2 and how fraudsters might use these to exploit weaknesses in the system and implement criminal activity. Allowing these new TPP players to have access to customers’ bank accounts carries with it a high degree of risk, which is why the new security requirements for electronic payments and account access have been introduced. But with banks soon to be one removed from their customers and therefore losing direct control over their security, and the prospect of payment fraud and account takeover fraud once more entering the frame, how can the banks/providers effectively address that risk?
What strategies can banks put in place to detect when a third party has been compromised?
The strategies banks put in place must be sufficiently sophisticated and robust to detect when a third party processor’s activities have been compromised. Additionally, the banking industry must address the threat of rogue TPPs committing fraud themselves or possibly creating shell companies to perpetrate illicit activities to defraud the banks, especially in an era where Fintech (financial technology) companies are springing up at an astounding rate.
The good news is that the banks already have the means to counter these threats. With full recourse to the behavioural profiling already in their possession, suspicious behaviour can be tracked and negated going forward. Advanced analytics, coupled with machine learning, can help support the changing landscape. Most importantly, through PSD2, banks can enable their customers to engage with them in a multitude of ways, safely and securely – something they have been constantly striving for.
Employing the right tools and techniques to predict customer behaviour
That said, banks will need to be far more proactive and flexible. They must allow the data analysts and scientists to put in place the new strategies and protections that will be required. This includes advanced behavioural analytics that will flag up any ‘spikes’ in customer transactions, such as using an unfamiliar platform, unusual time or uncharacteristic amount of money. But, even more than this, if fraud is to be kept to a minimum, the banks and TPPs must employ the tools and techniques that will allow them to predict customer behaviour before it actually happens: i.e. behaviours that fit within a pattern and bandwidth that raise concerns and yet don’t necessarily trigger an alert.
PSD2 will bring exciting new technology, with the potential to revolutionise banking and deliver the kinds of customer experience consumers have now come to expect. Yes, there are challenges around security, but these can be overcome. The dynamic shift these new regulations will bring –where customers gain and banks are able to keep themselves well protected from hackers and attackers – is within the grasp of both.