Turning PSD2 Challenges into Business Opportunities www.ebankit.com
PSD2 in a nutshell Perfect Competition
Payment Services Directive 2 (PSD2) The PSD2 updates and complements the EU rules put in place by the Payment Services Directive (2007/64/EC). This will enable third party access to payment accounts for Payment Initiation and Account Information Services ( XS2A ). It will be mandatory for Banks to provide these third-party access to their customers accounts through open APIs (application program interface). This will enable third-parties to build services on top of banks data and infrastructure. The main objectives are: Contribute to a more integrated and efficient European payments market Improve the level playing field for payment service providers (including new players) Make payments safer and more secure Banks will no longer only just be competing against banks, but everyone offering financial services. Protect consumers Encourage lower prices for payments
Payment initiation service provider (PISP) Today After PSD2 Retailer (online) Retailer (online) Consumer Consumer PISP $ Consumer Bank Card Scheme e.g. Visa, Mastercard Merchant Acquirer $ Consumer Bank Card Scheme e.g. Visa, Mastercard Merchant Acquirer Card Details Money PISP User permits retailer to use Bank details Authenticate request Money Payment Initation Service Provider 4
Account Information Service Provider (AISP) Today After PSD2 $ $ Bank 1 App Bank 1 Bank 1 App Bank 1 $ $ Client Bank 2 App Bank 2 $ Client Bank 2 App Bank 2 $ Bank 3 App Bank 3 Bank 3 App Bank 3 Proprietary authentication / Login (eg: PIN, Password, etc.) Account information (eg: Balance) AISP Standard Authentication 5
PSD2 Advantages with ebankit Customers Merchants Banks Consolidate all accounts in one place Single interface to interact with all banks account details (this could be under your bank brand). Merchant s integration of bank accounts with merchant acquiring sites is convenient and practical. Reduced costs compared to card interchange. Immediate settlement into merchant s account. Even greater direct relationship with the customer Ability to position banks as an Account Information Service Provider (AISP) Opportunity to gain complete picture of customers relationships with all their banks Allow your customers to subscribe to your products with funds from other banks Be a stakeholder of the Fintech offers instead of being disrupted 6
PSD2 Roadmap Source: PwC 7
Strategies for banks Passive Ensure compliance with PSD2 Give 3rd parties access to data Provide basic API Active Develop advanced API platform Provide new services Create enhanced, customer-focused packages Banks need to define a clear strategy (to avoid being hit hard by competitors) While the non-banks will need to wait until 2018, banks can launch their new services today. 8
ebankit & PSD2
ebankit Roadmap 1. PSD2 Compliance (ebankit v3.1) Data accessible by public APIs 3 Stages 2. Data & Transaction Integration (ebankit v3.5) Importing, compiling and transacting from and with other Banks 3. Fintech & 3rd Party Integration (ebankit v4+) 10
1. PSD2 Compliance
PSD2 Compliance The PSD2 compliance module from ebankit covers all the functional needs of the PSD2 standard: XS2A PISP AISP ebankit API Gateway has a PSD2 compliance module
2. Data & Transaction Integration
Data & Transaction Integration The ebankit gateway is the answer to enter PSD2 as an Active player: Consume PSD2 data Integrate transactions Customers can subscribe to your products with funds from other banks ebankit API Gateway will consume data and perform transactions on other banks through PSD2
Data & Transaction Integration $ Bank 1 App Bank 1 ebankit s API Gateway will provide a layer of services to access other banks infrastructure. Using the ebankit platform will allow a customer to consume data from other banks and importantly also perform transactions on other banks. $ Aggregating accounts from other banks provides the opportunity to gain a complete visualization of the customer and allows; Client Bank 2 App Bank 2 $ Product factoring and actively target financial products to better compete with other banks Bank 3 App Bank 3 Account top-up using client funds from other banks PFM with one aggregated overview on the entire user financial life Extract metrics on user global financial usage behavior 15
3. Fintech Integration
Why Should Banks Integrate with Fintechs? Problem Solution Core and legacy systems are not flexible Provide fin services using 3rd parties / Fintechs SOFTWARE READY Internal development OR internal deployment of new solutions takes much time and effort Manage services through the API SERVICING READY New and untested solutions return is not always guaranteed Example with revenue stream: International transfers. The buy/sell spread profit set by the 3rd party would be split between service provider and the bank. New revenue stream One of Banks biggest asset is their client base (often millions) Fintechs want to grow quickly, leveraging a banks client base achieves this The bank can leverage on it's asset (the client base) and create a new revenue stream Using 3rd parties through APIs, banks can reduce dramatically the costs and the improve the time to market. This will reflect on a flexible customer journey that will embrace innovation, experimentation all while reducing costs. 17
Fintech Integration Since Banks have huge legacy systems, their flexiblity is often limited. ebankit can minimize these challenges by embracing selected fintechs and 3rd parties. Leveraging the ebankit API Gateway, the bank will generate keys to third-parties. The third-party uses the key to interact with the bank data and services. Scenario 1 Fintechs connect to bank and provide services Scenario 2 Clients use the fintech application that connects to the bank 18
Fintech Integration: SCENARIO 1 Fintechs, 3 rd parties and External service providers connect to bank and provide service. This can be either service to the end user or service to the bank. BANK Fintech 1 Add Value Eg: Add contextualized information on transaction list Fintech 2 API 3rd Party Add Services Eg: International Transfers User ebankit APP New Transactions Data External service provider External service provider Process Data Eg: Analytics processing and reporting 19
Fintech Integration: SCENARIO 1 1. Issue Key 2. Register with key BANK The bank issues a KEY that allows the fintech to access the bank s API with the predefined permissions. Security permissions are set by the Bank (limits per access token, type of information, account type, etc.). Fintech 3. Issue acces token 4. Access API with permission set Authorization Server Resource Server 20
Fintech Integration: SCENARIO 2 5. Access Data BANK Fintech Middleware This scenario depicts a situation where the client uses a fintech application. Resource Server The fintech provides the customer journey and uses services from the bank. 1. Access Application 3. Issue KEY Delegates authentication authorization For this scenario the Bank authorizes the fintech to access its infrastructure on a controlled environment. User authorization should be handled using Oauth 2.0 (or other protocol). User Fintech Application 2. Grant access Authorization Server 21
ebankit Solution and Security
Full ebankit API Gateway Security Fintech Integration Payments Account Aggregation Open Banking through ebankit API Gateway with managed access Data Analysis 23
API Security Access Control Risk Management KEY ISSUING MECHANISM Bank issues individual Keys to 3rd parties / fintechs to access the API KEY PERMISSION SETTINGS What information can be accessed What transactions can be performed Transaction amount limits (atomic, rule-based, group-based) Information Masking and de-coupling options (untie information from clients - eg: 3rd party big data processing without compromise of specific users information) FRAUD MONITOR Real-time monitoring of 3rd party interactions. Logging and reporting (daily, weekly, monthly...) REAL-TIME ACTIONS Rule-based Alerting (If 3rd party tries to transact more than specified limit, Bank alerts will be processed) Rule-based Key Revoking (If 3rd party tries to transact more than specified limit, the key will be revoked) 24
Level39, One Canada Square, Canary Wharf E14 5AB, London - United Kingdom Rua José Falcão 133 4050-317, Porto Portugal info@ebankit.com www.ebankit.com +44 20 32 87 65 92 +351 22 203 20 10