Review of Priviti PSD2 Use Case and its positioning compared to alternative marketplace offerings

Similar documents
WHITE PAPER. Revenue Opportunities Created by Open APIs

WHITE PAPER. REVENUE OPPORTUNITIES CREATED BY OPEN APIs. Venkataraman Durghados IBS Open APIs Solution Architect

Open Banking PSD2, GDPR and the American Merchant

Creating value from the open API economy A blueprint for banks

PSD2 TAS Open Banking

THE PAYMENT SERVICES DIRECTIVE II (PSD II) Liberalisation of electronic payment transactions

Technology Innovation Exchange 2017

API Banking. The shift to open banking

Turning the Revised Payment Services Directive into Digital Opportunity

Market environment and implementation timeline PSD2 in a nutshell

Market environment and implementation timeline PSD2 in a nutshell

Turning PSD2 Challenges into Business Opportunities.

WHITE PAPER. Encouraging innovation in payments through the PSD2 initiative. Abstract

PSD2 is on top of our agenda

The communication between Third Party Providers and Banks. PSD2 in a nutshell

The communication between Third Party Providers and Banks. PSD2 in a nutshell

AUTHENTIC AND PAYMENT TRENDS AUTHENTIC IS AN INTELLIGENT TRANSACTION-PROCESSING PLATFORM DESIGNED FOR TODAY S FAST-CHANGING PAYMENTS BUSINESS.

Unleashing the API Economy for Banking Payment Services Directive 2 (PSD2)

PSD2 & The Future of Digital Banking. Bragi Fjalldal, CMO & VP Business Development

PSD2: Igniting Digital Payment Innovation

The revised Payment Services Directive (PSD2)

PSD2 IMPLICATIONS OF THE REGULATION August 8, Regina Lau, Chief Strategy Officer, Ingenico epayments Zainab Mir, Counsel Payments, Netflix

Introducing CGI Open Finance for the Open Banking Economy

Navigating the components of Open Banking

Edgar, Dunn & Company A Closer Look at the Payment Regulations. Webinar 25 th June 2015

Guidelines for PSD2 Implementation

Capgemini s Open Banking Marketplace

Unlocking the full business potential of PSD2

117 shades of black within PSD2

Challenges and solutions. related to Digital Transformation Training & workshop

PSD2 - Second Payment Services Directive. Information Set

The Open Banking PSD2 Implementation Strategies

OPEN BANKING: THE ART OF THE POSSIBLE MAKING OPEN BANKING WORK FOR YOUR ORGANISATION. An NCR white paper

40% of banks in CEE have not yet decided which strategy to pursue. Cautious optimism reigns

Top business challenges imposed by the market s shift towards Open Banking. Technological foundation for your new service offering

Nordea webinar 29/ : PSD2 Access to Accounts a game changer

Work stream 3 Implementation Plan Industry Landscape

PSD2 & Instant Payment

PAYMENT SERVICES DIRECTIVE 2 WHAT IS ALL THE FUSS ABOUT ANYWAY?

PSD2 open banking for Prepaid Programme Managers. Implications and Requirements

Payments Transformation The Time to Act is Now Oracle Open World 2018

PSD2 ACCELERATOR CAPTURE OPPORTUNITIES, ADDRESS CHALLENGES, AND DRIVE SUCCESS THROUGH PROVEN EXPERTISE

IBM Payments Gateway. Simplify your payments acceptance with prebuilt, ready-to-deploy global payments solutions and services on the cloud

PSD2 & Open Banking The Future of Payments

Navigating the PSD2 and GDPR challenges faced by banks. Minds made for protecting financial services

Navigating the PSD2 and GDPR challenges faced by banks. Minds made for protecting financial services

Open Banking, PSD2 and the New API Economy

How PSD2 impacts marketplaces and platforms

Payment Services Directive 2: What it Means for Banks, Customers, and Payment Service Providers

Will the Online Banking e-payments stimulate e-commerce in Europe? Piet Mallekoote, CEO Currence Brussels, 4 May 2012

PSD2 Strategy. Comply, Compete or Innovate? November kpmg.nl

INTELLIGENT PAYMENTS. A payment solution for merchants

Transforming Payments in an assembly game

GLOBAL OPEN BANKING ECOSYSTEM

TAS CASHLESS 3.0 FOCUS ON. The absolute framework for electronic payment management. CASHLESS 3.0: the ultimate. payment experience

PSD2: An Open Banking Catalyst

APIFICATION OF FINANCIAL SERVICES - ADAPTING TO A CUSTOMER CENTRIC WORLD WHITE PAPER

DECENTRALIZED AUTONOMOUS ORGANIZATION FOR DIGITAL NOMADS NOMAD DAO

API Gateway Digital access to meaningful banking content

WHITE PAPER HOW BANKS CAN CREATE VALUE FROM THE RISE OF THE OPEN API ECONOMY IN FINANCIAL SERVICES

OPEN BANKING & PSD2: WHY COMPLIANCE ISN T ENOUGH

PRETA and PSD2. Access to Accounts (XS2A) PRETA All rights reserved. PRETA All rights reserved.

UK Open Banking: the future belongs to the flexible

Euro Retail Payments Board (ERPB) Final Report of the ERPB Working Group on Payment Initiation Services. ERPB Meeting 29 November 2017

Seizing the Opportunities Unlocked by the EU s Revised Payment Services Directive

Herber de Ruijter / Head of Digital. Intellect Digital 3.0 Strategy API First and Experience-led Digital Banking for the 21 st century.

xs2a enabler Time to think ahead! PSD2 is coming with new challenges and massive opportunities. Content

How will you manage the impact of the Payment Services Directive 2?

PSD2 DATA FINTECH MARKETPLACE AISP CUSTOMER AWARENESS ALLIANCES MOBILE ECONOMY PISP API DIGITAL COMPLY REVENUE RTS SCORING BANKING STRATEGIC

Cashless 3.0. Partner Program Overview. TAS Group 2017

Cashless 3.0. Partner Program Overview. TAS Group 2017

Worldline Wallet & Mobile Payments. G. Regnault- Rotterdam 21/03/2017

Remote e-identification and e-signatures Trusting someone you have never seen

Market Report, Q1 2018

EMV Secure Remote Commerce. Frequently Asked Questions (FAQ)

The EU Regulations on payments

Trusted KYC Data Sharing Standards Scope and Governance Oversight

Innovation at Scale. James Anderson Executive Vice President Mastercard

Strong Customer Authentication in Practice

General Data Protection Regulation and Episerver Learn how to leverage your organization s data to support GDPR compliance.

Payment Systems : Standardized QR Code in Thailand. Financial Technology Department Bank of Thailand

Helping ASPSPs implement PSD2 and take advantage of Open Banking January 2019

Account Aggregation, Security, and the Future of the 360-Degree Financial View

CUSTOMER: LOCATION: INDUSTRY: OVERVIEW:

Banks & Acquirers solutions. When payment enables business digital transformation

Finserve. Here to power your ambition beyond boundaries

NextGen PSD2. A European Standard for PSD2 XS2A

UK Finance welcome the clarity the EBA is giving on availability and performance of dedicated interfaces.

Digital Banking BPC s Vision

The Second Payment Services Directive: Scoping out the impacts of the Regulatory Technical Standards

17 TH J A N U A R Y. Future of Banking. Emerging trends and Archetypes

Case Study. How Gemalto s Trust ID Network is revolutionizing self-sovereign digital identities by leveraging R3 s Corda blockchain platform

Mobile Wallet INTEGRATED WITH MOBILE BANKING A SEAMLESS WAY TO PAY KEY BENEFITS. Wallet. Back. Card Controls. Card Alerts.

Open Banking: the technology revolution sweeping across the banking industry. Policy Pulse June 2018 compendium

HOLINGER ASSET MANAGEMENT

Digital Passport. Transforming SME banking through customer-permissioned data exchange

Fintech: Assessment of Opportunities Created for Fintechs by PSD2. Valerio Mariani ( ) Axel Pillard ( ) Amanda Tan An Ping ( )

E-INVOICING Action Required: OB10 Registration

A STRATEGY FRAMEWORK FOR PLATFORM BANKS Point of View

A step towards cashless economy - Unified Payments Interface (UPI)

Transcription:

Review of Priviti PSD2 Use Case and its positioning compared to alternative marketplace offerings The revised Payment Service Directive (PDS2) is a directive focused on better integration of an internal market in payment services. Third parties (Account Information Services Providers or AISPs and Payment Initiation Service Providers or PISPs) will have access to transactional data to either analyse the data and/or to execute payments. The PSD2 is a directive that EU member states need to implement into national legislation. The implementation deadline for EU member states is the 13 th of January 2018. The key changes of this directive are clear: financial institutions will need to give access to bank accounts to third parties when double consent is obtained. This revision of the PSD directive also follows the General Data Protection Regulation (GDPR), which focuses on the protection of personal data and the transparency towards the natural person and enters enforcement on the 25 th of May 2018, which is not excluded from the PSD2. The PSD2 stipulates even further requirements regarding transparency towards the natural person, especially when he/she interacts with a PISP. The natural person should be informed about the (executed) payment transactions. The general obligations regarding the information to be provided are the same for both the GDPR and the PSD2: the information needs to be concise, transparent, and presented in an intelligible and easily accessible form, using clear and plain language. Drivers for third party authentication solutions With the revised Payment Services Directive (PSD2) at the doorstep, banks in Europe are working to allow third-party providers free access to payment accounts for payment initiation and account information services. Concentrating on compliance with PSD2 regulatory requirements at present, banks may move from a payment-centric API strategy to a wider transaction banking-based API strategy if they open their APIs to fintech partners. Meanwhile, transaction banking is receiving heightened attention from fintech companies, and this inevitable march to greater levels of automation and more open APIs might well lead to a restructuring of traditional banks IT staff resources.

APIs are the conductor of all transactions and the objective for financial institutions right now is to develop and implement APIs that will be secure and agile. APIs will be used in every situation where banks must share data. At its core, PSD2 is about enabling payments. It will create a shared, common experience for both banks and users that ensures data protection and customer privacy. It is based on common standards that encourage sharing of information between and among account information service providers (AISPs) and payment initiation service providers (PISP). The significance of PSD2 is that it will connect financial organisations to provide a better experience for all in the financial ecosystem. Any financial institution that wants to conduct business with European banks, brokerages, insurance firms, or any company or government group that handles financial data, must comply with the PSD2 framework for its data to be shared and used. PSD2 promotes an openness not now normally seen among the banking industry, and because it leverages innovative technology, it is unique opportunity in how progressive it is. Guaranteed entry for third-party providers (TPP) To improve transparency and security in the single market and to create a more level playing field, the PSD was expanded to include third-party providers (TPPs) as well as the Payment Service Providers (PSPs). A major component of PSD2 is Open Access to Customer Accounts (XS2A), which requires banks and other institutions to share payment account information with TPPs via open APIs. TPPs include Payment Initiation Service Providers (PISPs), such as Sofort in Germany, IDeal in the Netherlands and Trustly in Sweden, and Account Information Service Providers (AISPs) that aggregate customer information from multiple accounts and make it accessible from a single portal. Identification of the end-user in XS2A (Access to account) must be solved on a European basis. Identification could be solved by using eid Hubs, such as Signicat.

E-commerce gateways play an integral role in online payments as they help connect merchants to acquirers and processors. Over the years, these providers have accelerated digital commerce by providing secure solutions to accept both traditional payments (like debit and credit cards) and alternative payment methods (like PayPal and ideal). With the availability of open APIs through PSD2, existing gateway providers such as Global Collect, Ogone and Adyen can leverage on their existing merchant relationships to offer PISP or AISP services. This will enable repositioning of the gateway providers within the payments value chain and open up new revenue potential. PISPs: XS2A will cut out the middleman in electronic payments by allowing merchants to use a customer s account details to initiate a payment directly from the bank. From the customer standpoint, this puts the shop, mobile app or online service at the forefront of the transaction, relegating the bank to the role of invisible PSP. But these services need better security. AISPs: XS2A will enable consolidation of information from multiple accounts and multiple banks, giving consumers real-time visibility into cash flow and payment transactions in one place. This will give AISPs access to a data goldmine for cross-selling and personalization of offers that threaten to undermine the bank s customer relationships. But for the consumer, there needs to be more protection of the data and how it is used. Source: Meontrust To make electronic payments safer, PSD2 introduces enhanced security measures (including Strong Customer Authentication, with some exceptions based on context) to be implemented by all PSPs, including banks, payment institutions and TPPs. The technical requirements will be issued by the European Banking Authority (EBA).

Digital identity: Protected by Priviti With the need for enhanced security measures, there is an exciting opportunity for a third-party entrant who provides a strong authentication mechanism that is agnostic to the provider and easily accessible and usable for the consumer. This is the aim of Priviti: to provide strong authentication between the AISP/PISP and the consumer, giving the consumer more peace of mind in the transaction. Priviti becomes a security gateway to consolidated services and account verification, protecting the digital identity of the consumer and aiding the transaction verification process. Source: Priviti Priviti sits between the AISP and the consumer, allowing a more secure transaction where the security is more transparent to the user. Priviti could also sit between the PISP or PSP/bank and the consumer, authenticating both the transaction and the user. Per the GDPR, a controller is the entity that determines the purpose and means for processing personal data. By consequence, in the case of the third parties stipulated in the PSD2 both are controllers, as they alone determine what will happen with the personal data, and how it occurs. With the GDPR, third parties processing the payment information will need to receive consent from the natural person. Financial institutions as we know them today will also ask consent from the natural person to give the third parties access to the financial account of the natural person. Double consent will thus be necessary by the requirements of the PSD2. Keep in mind that the GDPR not only stipulates general requirements to protect the personal data, but also provides specific requirements about the way consent is obtained and how the controller should document that consent was in fact obtained. This is also useful for digital identity in other institutions, such as government, for issuance of documents such as passports, health care records or tax returns, and for payments such as welfare or social security.

Priviti: Financial use case examples There are several use cases that show the value of Priviti to both the consumer and the financial service provider in the banking transaction: As an enabler to share account information with third party services while establishing a new PSP relationship (adding a payment service provider); Combined with aggregator / gateway for pre-authorising payment permissions; Assisting in account management within a financial institution for multiple consumer accounts; Changing authorization codes in case of loss of card or hardware token; or Disabling accounts or revoking access once the relationship is terminated for consumer peace of mind and definitive closure. Competitive advantage The mission of Priviti is to be the global leader in digital identity by providing best-in-class secure authentication technology to Priviti partners for their customers deployment. Priviti's product vision of delivering a globally trusted service which, through user authentication, allows an individual to release credentials securely through its messaging service. This service provides a simplified means of accessing customer information in a secured and trusted way, releasing access to a Presenter s bank information, to a permitted party, for a specific purpose and time. Why is this enhanced process different than other solutions currently available in the market? This is not token-based, it is developed based on secure shared code, and Priviti has a central role as the authenticator, having created a platform of trust. Priviti provides a unique combination of push-based dual channel authentication and built-in credential hub functionalities to deliver a more secure and versatile solution that can be employed across a broad range of industry applications utilising API authentication. Dual authentication now occurs with a pull-based authentication where the user first provides credentials to the third party and subsequently authenticates the transaction via other forms of notification, such as SMS. In an approach with elements that are comparable to both blockchain and public key infrastructure, the quality of authentication with Priviti is different as it is dual channel and to both parties in the transaction. Dual access with secure shared code provides authentication that is: Time stamped Irrevocable Secure Priviti has designed and patented a Dual Channel Authentication (DCA) system which has an equally innovative backend infrastructure that offers seamless, secure payment transaction times that meets and exceeds regulatory requirements.

Summary Banks cannot afford to wait and see what the PSD2 legislation will mandate them to do. PSD2/XS2A opens new opportunities to aggregate services, create more distribution channels and share information with partners (who might have otherwise been competitors). By migrating to API-centric partner integration, banks can manage and use multiple interaction channels consistently therefore creating new revenue streams by using APIs to securely access partner services. Banks need to start reacting with open APIs and trusted third-party authentication providers to ensure they are not relegated to plumbing in the new payments world. Given that the EBA requirements for strong authentication will depend on the nature of the transaction, an agile security implementation strategy, particularly for identity federation, is a must. A solution such as Priviti that assists with authentication will help the banks manage the underlying account management and payment processing capabilities that the banks would otherwise have to pay to build and operate.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback