Who could have imagined it just a few years ago? Banks, so secretive, have finally opened access to their customers' data. This revolution, the first step of which was taken in 2018, has continued to shake up the banking sector, with faster, cheaper and more secure online payments, while encouraging the emergence of new services. financial… A boon for e-commerce and fintechs. Let’s talk about open banking!
Four years almost to the day after its entry into force, the second European directive on payment services (PSD2), adopted in November 2015 and applied on January 13, 2018, constitutes the start of a small revolution in the banking world.
Originally created to modernize and secure payment services and thus protect European consumers, this directive opens the door to other options.
Open banking: a legal obligation
Yannick Delsahut*, founder and director of the company GoldStark, fintech & innovation expert for the banking world and ORSYS trainer, explains: “ This regulation requires banks to move to open banking: they must make their customers' data accessible — with their agreement — to third-party players, that is to say payment initiators, account aggregators, these internet and mobile services allowing you to manage several accounts from different banks on a single tool... In short, the bank will have to open its information system. It's a real revolution, the bank being renowned for keeping its customers' data very secret, at the bottom of a “safe”. »
“The obligation was made effective in September 2019,” he continues, “ date on which the regulatory technical standards entered into force. Banks therefore had to provide programming interfaces, otherwise called APIs. This external opening will make it possible to create innovation around the bank. »
A new ecosystem for more services
The next step, according to Yannick Delsahut, consists of organizing the ecosystem to produce the new services. At the crossroads: fintech, insurtechs… these innovative start-ups, with recognized agility, which will then use their know-how to rethink banking services. “ Viewed suspiciously a few years ago, these companies will become key players on which banks will rely. They are agile, ready for a long time, and are able to meet the demanding specifications of the directive (purely technological connectors must in fact comply with a standard) and obtain approvals, to then position themselves as intermediaries and offer services to consumers.
An example ? “They will be able to offer instant credit services thanks to an application which will be able to check your solvency by querying all your bank accounts. A procedure that will delight users, since previously it was necessary to collect numerous documents (identity papers, bank statements, etc.), put them together…”
“But it can be cross-financial services” adds Yannick Delsahut. “So many services that were previously impossible to develop for a company outside the bank, due to the lack of opening of the data to the outside world. Services, too, that the bank cannot develop today: the organizations are too heavy, they are behemoths which struggle to bring existing systems and cutting-edge technologies together. Without forgetting that it is difficult to recruit new experts who have become rare on the market: they cannot move as quickly as they would like…”.
“The bank must create value”
Is the bank's activities threatened? Yannick Delsahut is categorical: “ The bank has no choice but to follow European directives to open up its data. To maintain its margins, it must position itself today. If it does not do this, it will have difficulty making its margins, while everyone will “use” its data (which constituted its marketing strength) to design services… Banking establishments must want to play the game, to be active and responsive. »
More secure payments
2021 also marked a turning point for PSD2. Since the end of June, all French e-commerce sites must use a strong authentication system to secure online purchases from 30 euros. A useful measure to combat increasingly frequent bank card fraud.
Previously, to validate their online payment, the consumer received a code by SMS from their bank which they then had to enter online. Having become obsolete, this system is now replaced by a strong authentication system for any purchase greater than or equal to 30 euros. Concretely, the customer must provide two of the following three identification elements: a password, their telephone number, or a biometric characteristic (fingerprint, facial or voice recognition, etc.).
Most often, the consumer is forced to use their bank's app to authenticate. What's more, PSD2 requires users to carry out strong authentication every 90 days, otherwise the service provider will no longer be able to access the consumer's banking data. A very restrictive security measure which could evolve in the coming months, according to certain experts.
