Who could have imagined this just a few years ago? The secretive banks have finally opened up access to their customers' data. This revolution, the first step in which was taken in 2018, is set to revolutionise the banking sector, with faster, cheaper and more secure online payments and the emergence of new financial services... A boon for e-commerce and fintechs. Let's talk about open banking!
Four years almost to the day after it came into force, the second European Payment Services Directive (PSD2), adopted in November 2015 and applied on 13 January 2018, marks the start of a small revolution in the banking world.
Originally created to modernise and secure payment services and thus protect European consumers, this directive opens the door to other options.
Open banking: a legal obligation
Yannick Delsahut*, founder and director of GoldStark, fintech & innovation expert for the banking world and ORSYS trainer, explains: " These regulations oblige banks to move to open banking: they must make their customers' data accessible - with their consent - to third parties, i.e. payment initiators, account aggregators, these internet and mobile services that enable several accounts from different banks to be managed using a single tool... In short, the bank will have to open up its information system. It's a real revolutionThe bank has a reputation for keeping its customers' data secret, at the bottom of a "safe".
"The obligation was made effective in September 2019", he continues, " date technical regulatory standards came into force. came into force. The banks therefore had to provide the programming interfaces otherwise known as APIs. This external openness will help to create innovation around the bank. "
A new ecosystem for more services
According to Yannick Delsahut, the next step is to organise the ecosystem to produce the new services. At the crossroads: the fintechinsurtechs... These innovative start-ups, with their recognised agility, will then use their know-how to rethink banking services. " Regarded with suspicion just a few years ago, these companies will become key players on which banks will rely. They are nimble, have been ready for a long time, and are able to meet the directive's demanding specifications (purely technological connectors must comply with a standard) and obtain approvals, before positioning themselves as intermediaries and offering services to consumers.
An example ? "They will be able to offer instant credit services thanks to an application that has been able to check your solvency by interrogating all your bank accounts. This is a procedure that users will be delighted to see, as previously they had to gather a large number of documents (identity papers, bank statements, etc.), put them together... "
"But it can be cross-financial services". adds Yannick Delsahut. "These are all services that it was previously impossible to develop for a company outside the bank, due to the lack of openness of data to the outside world. These are also services that the bank is unable to develop today: the organisations are too cumbersome, they are behemoths that have difficulty bringing together existing systems and cutting-edge technologies. Not to mention the difficulty of recruiting new experts, who are now rare on the market: they can't move as fast as they would like to..."..
"The bank must create value
Is the bank's business under threat? Yannick Delsahut is categorical: " The bank has no choice but to follow European directives to open up its data. In order to maintain its margins, it has to position itself now. If it fails to do so, it will find it difficult to maintain its margins, while everyone else will be 'using' its data (which was its marketing strength) to design services... Banking institutions must want to play the game, to be active and responsive. "
More secure payments
2021 also marked a turning point for PSD2. Since the end of June, all French e-commerce sites must use a strong authentication system to secure online purchases of €30 or more. This is a useful measure in the fight against increasingly frequent bankcard fraud.
Previously, to validate their online payment, consumers received a code by text message from their bank, which they then had to enter online. Now obsolete, this system has been replaced by a strong authentication system for all purchases of €30 or more. In concrete terms, customers must provide two of the following three identification elements: a password, their telephone number, or a biometric characteristic (fingerprint, facial or voice recognition, etc.).
More often than not, consumers are forced to use their bank's application to authenticate themselves. What's more, PSD2 requires users to perform a strong authentication every 90 days, otherwise the service provider will no longer be able to access the consumer's bank details. This is a highly restrictive security measure that some experts believe could change in the coming months.
Our best training
