PAYMENT SERVICES DIRECTIVE (PSD2) CONTEXT · 1.Implementation of PSD2, Open Banking and new APIs...

Post on 12-Mar-2020


PAYMENT SERVICES DIRECTIVE (PSD2) CONTEXT

John Broxis

© All rights reserved

1. Implementation of PSD2, Open Banking and new APIs – potential new business models and revenue streams (and how to improve existing revenue streams)

What is Open Banking Europe

eIDAS meets PSD2: Securing Access to Financial Services with Qualified Certificates

Open Banking Europe community


PSD2 Access to Account


PSD2 Access to Account and RTS

PSD2 Article 65, 66, and 67

Account Servicing Payment Service Providers (ASPSPs) that offer online payment accounts shall allow PSUs to access accounts via regulated third parties to:

• Initiate Payments
• Get Account Information
• Confirm available funds

Communications between the ASPSP and the TPP will be secure, and in compliance with the RTS

EBA RTS on Common and Secure Communication and Strong Customer Authentication.

• ASPSPs must provide an interface that conforms to some rules (Article 30).
• An API or an adaption of the user interface (Article 31)
• All interfaces will use eIDAS certificates for Identification, based on the registration numbers issued by national competent authorities (Article 34).


• Revocations & Disputes
• Interfaces & SCA Setup
• eIDAS Certificates
• Registration & Passporting

20/03/2018


PSD2 Challenges


ASPSPs have the obligation to allow access to regulated entities, and to block access to those that are not entitled to it.

Failure to properly authenticate leads to the risk of unauthorised transactions and subsequent claims under PSD2, or unauthorised data sharing and subsequent claims under GDPR.

Common understanding:

• ASPSPs will use eIDAS certificates for Identification
• ASPSPs will use the National registers for the Authorisation of a party, i.e. understanding if a party is regulated and what that party is authorised to do.

Granting Access
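The split described above (certificate for identification, national register for authorisation) can be sketched as an ASPSP-side check; this is an added example, not part of the original slides. The identifier layout and role names follow ETSI TS 119 495; the register record shape, the function name and the sample identifiers are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# organizationIdentifier layout from ETSI TS 119 495: PSD<country>-<NCA id>-<PSP number>
ORG_ID = re.compile(r"^PSD([A-Z]{2})-([A-Z]{2,8})-(.+)$")

# The three access types from PSD2 Articles 65-67, mapped to ETSI TS 119 495 role names
ROLE_FOR_ACTION = {
    "initiate_payment": "PSP_PI",
    "account_information": "PSP_AI",
    "confirm_funds": "PSP_IC",
}

@dataclass
class RegisterEntry:          # hypothetical shape of one NCA register record
    home_country: str
    roles: set
    passported_to: set = field(default_factory=set)
    withdrawn: bool = False

def decide_access(org_id, cert_roles, action, aspsp_country, register):
    """Return (allowed, reason). Assumes the certificate chain, validity period
    and revocation status were already verified by the TLS layer."""
    m = ORG_ID.match(org_id)
    if not m:
        return False, "malformed organizationIdentifier"
    needed = ROLE_FOR_ACTION.get(action)
    if needed is None or needed not in cert_roles:
        return False, "role not in certificate"
    entry = register.get(org_id)          # authorisation comes from the register
    if entry is None or entry.withdrawn:
        return False, "not authorised in register"
    if entry.home_country != m.group(1):
        return False, "certificate and register disagree on home country"
    if needed not in entry.roles:
        return False, "role not granted by NCA"
    if aspsp_country != entry.home_country and aspsp_country not in entry.passported_to:
        return False, "not passported to ASPSP country"
    return True, "ok"

# Constructed sample register; identifiers are made up for illustration
REGISTER = {
    "PSDSE-EXNCA-12345": RegisterEntry("SE", {"PSP_PI", "PSP_AI"}, {"DE", "FI"}),
    "PSDSE-EXNCA-99999": RegisterEntry("SE", {"PSP_AI"}, withdrawn=True),
}
```

The certificate is a snapshot taken at issuance, so the register lookup is what catches a withdrawn authorisation or a missing passport while the certificate itself is still valid.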


Four ERPB Identification challenges

• Certificate Standardisation
• NCA register Harmonisation
• Linking QTSPs & NCAs
• Common Directory


Authorisation and Passporting


Process diagram. Parties: TPP, Home MSCA, Host MSCA, Home Register, ASPSP.

Authorisation

• TPP applies to Home MSCA
• MSCA approves/rejects Authorisation
• MSCA issues Registration Number
• MSCA adds to Home Public Register
• TPP Notified of Authorisation

Passporting

• TPP applies for Passporting
• MSCA passes request to Host MSCA.
• MSCA adds to Home Public Register
• TPP Notified of Passporting

Home Register: Made publicly available online


31 national registers

• PDF Only (English), one Authorisation Number
• Single Search Only (English), two Authorisation Numbers
• Web format, two Authorisation Numbers
• Single Search Only (French), three Reg Numbers

x 31 [Number of Member States], x 3 [PI, EMI, Credit Institutions]


Open Banking Europe actions

• Defined the set of data needed for successful access to account
• Defined a unique referencing number system that is linked into the certificate standard.
• Completed a gap analysis of all 31 public registers
• Held / holding bilateral meetings with NCAs
• Designed a directory to hold standardised data on all regulated players
• Developing that directory


Country Readiness heat map


The Open Banking Europe Directory


Example TPP: Trustly in Sweden


The Unique reference number


Roles and Passports


Directory API


Directory: operational data

ASPSPs will use the directory to obtain operational data about TPPs (e.g. contact numbers) that are stored in the directory.

TPPs will use the directory to obtain operational data about ASPSPs (e.g. developer portals, contact numbers) that are stored in the directory.
