Enough with tactics and lobbying on PSD2 – back to the basic ideas, please!
Approaching the PSD2 finish line, the fronts harden
If you are a payment and banking nerd monitoring the press at the moment, you might think the world is ending, or at the very least that companies and consumers are in imminent danger. Just on Monday morning I heard a comment on German radio on the topic of PSD2, and in my daily newspaper I saw German Banking Association boss Michael Kemmer.
“We have to protect customers from themselves and the ‘bad’ payment companies and FinTechs and seal off our systems so that only we, the bank, have the customer’s data.”
On the other end, loud voices from the payment world:
“Everything should remain as it is and we must continue our business as it’s been. And above all, screen scraping must continue to be allowed and an absolute commitment to the use of dedicated interfaces will create new problems.”
For me, both extremes are not deliberately absolute, and are unfortunately a result of being in the home stretch of the definition of the future European legal framework. The German Transposition Law of the PSD2 is still set to come through the Bundestag before the election, and the technical foundations by the EBA – the legendary RTS – are currently being debated by politicians in Brussels. And so everyone is currently trying to exert massive influence again – in as loud and biased a manner as possible.
But what is actually involved in the PSD2?
- Competition with the banks is to be promoted, and a system landscape which until now was closed off is to be opened.
- The user is to get an easy possibility to use bank accounts and bank data in offers and services from so-called third parties.
- All should come with a reasonable level of security and in a traceable structure of liability.
What should not happen
- The PSD2’s original objectives must not be counteracted by insurmountable hurdles in liability and technology.
- Proper data protection (always the knockdown argument for everything) must not lead to an abolition of competition.
- Technical requirements should not end in bad user experiences.
What is needed?
- Enabling data protection and transparency “by design”, which promotes due data sovereignty, rather than building up fear-driven hurdles and walls in the run-up that in reality only serve to secure the banks’ “own” treasure of data.
Best practice integration as a model and, in case of doubt, a one-off case by supervisory authorities.
- Avoiding dependence on the “goodwill” of banks via clear enforceable rights and obligations for both parties as well as reasonable fallback rules for non-compliance.
If a bank does not have a high-performance API, direct access is permitted until the bank has demonstrated the performance – at best by means of smart technical processes coupled with competent authorities rather than by complex documentation and reporting loops from all involved parties.
- End-to-end traceability for all sides and thus a basis for regulated liability.
- Sensible liability solutions also for smaller and newer companies.
For example, shareholders of small companies could assume liability.
Not easy, but possible!
I trust in the wisdom of the EBA and the neutral legislators and I believe in a more meaningful and good solution in the interest of the users. Users must be masters of their own data and decide where and in which context they want to use it – and this can and should be possible both for innovative banks and for new providers.
More in German here 👉🏻 http://paymentandbanking.com/wem-gehoeren-unsere-daten-2/