Over the next year, European Union Member States will be scrambling to implement the revised Payment Services Directive (PSD2) which goes into effect in January 2018. In a nutshell, PSD2 is an EU directive that will require all banks operating in Europe to expose customer account data for retrieval and provide payment services for use by authorized external entities. These Third Party Providers will be empowered to retrieve customer account information as well as initiate payments directly to bank systems if their customer provides them the authorization to do so. European banks are now on the hook to develop and provide programmatic interfaces (API’s) for outside organizations to tap into, whether the banks like it or not.
Many industry experts believe the implications of PSD2 are huge, with some even going as far as calling it “the single biggest change in the banking industry ever.” Advocates say it will result in increased competition, accelerated innovation, and ultimately provide consumers with better financial services.
Needless to say, not everyone is in favor of open access to financial data. Many remain concerned about security ramifications, the cost of creating and maintaining these API’s, the loss of key revenue streams due to disintermediation by third-party products, and, maybe most importantly, sixty-eight percent of bankers in Europe fear the consequences of losing control of the client interface.
For now, financial institutions in the U.S. remain unaffected. However, many entities, including the CFPB, are pushing for FI’s to provide access to consumers’ data. No matter what side of the fence you may be on in this debate, financial institutions will be increasingly asked fundamental questions about future plans to share data and services with outside organizations. Developing superior API strategies may become essential for your institution to remain well positioned for the future.
API’s matter in our increasingly connected world.
In a previous blog, I discussed how building collaborative systems to share data and services is an essential part of the technical future. API’s are the pipeline to data, and can be considered a modern day “oil drill” that taps into valuable data and services that can be refined into innovative product offerings.
An example of this is the development of smart cities. API’s can connect emergency vehicles for faster response times, create efficiencies in transportation, and improve public safety. And that’s only just beginning. Over time, citizens will interact seamlessly with their surroundings through connected data and services. These solutions will largely become available through products that leverage API’s. Several major cities have already begun open data initiatives to accelerate digital growth in their communities.
In our increasingly digitized and connected world, financial institutions have a unique opportunity to play a central role in their customers’ lives. Utilizing a cohesive API strategy, FI’s can form partnerships to create (and monetize) services that go far beyond traditional banking.
Well created API’s will become essential to the overall User Experience.
Most people think about user experience as an artfully designed, intuitive visual interface that helps users get things done. In this new era of expanded API’s, interfaces will transcend screens, becoming more focused on communication and analytical assistance. Technology shifts, such as the emergence of the Internet of Things, will drastically change the way we interact with the world around us.
As gatekeepers of financial data, banks and credit unions have the opportunity to lay the foundation for more intelligent financial services that merge rich data from a wide range of sources to create new service capabilities. In the future, prospective customers may judge banks and credit unions based on how well they engage with other digital systems. FI’s that don’t interact effectively may get left behind.
Do API’s create a security threat?
Increasing access to consumer financial data certainly increases the level of risk. Open systems with additional touchpoints offer more attack vectors for fraudsters. In the case of PSD2, a vast majority of banks agree strongly that data protection and risk to reputation are significant issues that still need to be addressed, and specific aspects of the directive provide additional challenges that could make it even more difficult to protect sensitive information.
Even so, financial institutions have been moving in the direction of more open systems for quite some time. API’s already play a major role in the integration between online banking systems and ancillary products that provide payment capability or analytical services. Trusted connectivity channels between mainline financial services providers are the rule rather than the exception. Accordingly, emerging regulations like PSD2 would expand existing practices, not create an entirely new type of integration.
Whether such an expansion creates untenable risk is likely to be the topic of discussion for years to come. At a minimum, financial institutions should begin developing a full scale API management plan with unified security policies.
What’s a banker to do?
Banks and credit unions have much to gain from the expansion of API’s. According to one study, only about 27% of respondents view their banks as trusted partners. By offering more impactful digitized services, FI’s could provide increased personalized guidance and assist their customers and members in ways that could drastically improve the relationship.
But there is also much to fear. Financial institutions that want to fully leverage API’s must find a way to do so securely, or the pitfalls of this brave new financial services approach may outweigh the benefits.
In any case, financial institutions who ignore this potentially revolutionary shift may be putting themselves in a vulnerable situation. Those who choose to discount the rise of API’s as a critical element of their overall product strategy could eventually struggle to compete.
At a minimum, financial institutions must keep an eye on this emerging trend and be poised to act. It’s vital that banks and credit unions pay attention to conversations about U.S. directives similar to PSD2 today, or they may find themselves behind in establishing the foundation needed to build tomorrow’s API strategies, policies, and security practices.
Eric Wilson is a Manager of Research & Development for Jack Henry & Associates' Enterprise Processing Solutions.