A Pecha Kucha-ish presentation on some of the issues and risks in the implementation of PSD2, and therefore the risk of not opening up the banks for innovation to flourish, for the ustwo Fintech Talkies II event.
What is PSD2
a more integrated and efficient European payments market
level the playing field for payment service providers
THE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT
Payment Initiation Services
& Account Information Services
Today - Taking the PIS
Merchant
Card Details
Acquirer
PaymentRequest
Card Scheme
Issuing Bank
PAID
Tomorrow - A piece of PIS
Merchant
Initiate
Issuing Bank
PISP
Today - A pain in the AIS
Download PDF
Logon
Scrape Data
Logon Details
Tomorrow - Kick AIS
Transactions
Auth - Token
AISP
PSD2 came into effect Jan 12th 2016…
…EU must be compliant by Jan 13th 2018
Laws interpreted by 28 countries!
…and technical guidelines 18 months behind
All done by 2Q 2019?
From the makers of these bloody things...
From the makers of these bloody things... comes ‘strong customer authentication’
OSI vs TCP/IP
APPLICATION
PRESENTATION
SESSION
TRANSPORT
NETWORK
DATA LINK
PHYSICAL
APPLICATION
TRANSPORT
INTERNET
NETWORK
ACCESS
“OSI is a beautiful dream,
And TCP/IP is living it!”
Einar Stefferud
• Mention Xignite API revolution?
http://resources.xignite.com/h/i/138320575-xignite-21-innovators-join-forces-to-launch-the-fintechrevolution-api-ecosystem
• More ecosystem building. More webs not walls.
https://uk.pinterest.com/pin/294422894361212771/
THE MOST VALUABLE
COMMODITY I KNOW OF IS
INFORMATION
GORDON GEKKO
CORPORATE RAIDER - JACKSON STEINEM
AN ILLUSORY ADVENTURE
OF IMPOSSIBLE ARCHITECTURE…
AND NO FORGIVENESS
PLEASE LET’S NOT FUCK IT UP
• Hire me/help me get hired.
• Photo of the boys holding a "hire my daddy, he is not a complete idiot" sign?
• Website
• LinkedIn
• Aden_76
• Fintechbot
• Show my old tweet?
• URL to the slides – publish beforehand.
• URL to the write up not slideshare. But there as well.
T.HANKS
Slides etc.
http://bit.ly/ustwo-AD76
Editor's Notes
Hello. I am Aden and I want to talk about my favourite bit of European Parliamentary legislation and my worry over its wellbeing. PSD2 is the second iteration of the Payment Services Directive, a series of proposals to change European law around the movement of money and transaction data. It will change the way we bank and I really want it to be successful in doing so.
Here is the legislative beauty. 90-odd pages of almost impenetrable legalese. Its stated purpose is to make a more integrated and efficient European payments market, and to level the playing field. What it really means is to kick banks' asses to open up data and cut out dominant middlemen from payments. It will introduce two key things: PIS and AIS.
Let me try and explain. Ada wants to buy the complete works of M.C. Escher. She takes out her Mondo card (she strikes me as a Mondo user) and she inputs her card details into Amazon. The payment request goes off to the acquirer, Worldpay. This is routed through the card scheme in use, MasterCard here, and then to Ada’s bank that issued her card. Money is sent back for payment to Amazon. Amazon keeps the card details on file. Repeat ad infinitum for other merchants.
In the new world of PIS, no card details are exchanged. Instead a token-based connection is made. The merchant makes a request to Ada’s bank / card provider for a token-based relationship to be formed. This then creates a direct link to Ada’s account, unique to the merchant. Ada is in full control. A failing at the merchant means she does not have to cancel cards. The merchant must be licensed in some way to be able to move money in this way. They will be known as PISPs. This change also cuts out all those other pesky, mainly American, card schemes and allows new players to emerge. It also starts to make current accounts more platform-like.
Let’s now take a look at AIS. Here is Crow, who is very organised with his finances as he is saving for a curse-lifting procedure. Crow has his main account with Barclays and he downloads the transactions manually every so often in CSV format. Crow has a credit card with HSBC and he downloads his transactions in the bloody useless format of PDF because reasons. He swears. He also has a joint account at Lloyds with his crow lover. This is a semi-automatic download and he has given his password details over to Money Dashboard to scrape his transactions. He is a reckless maverick. He then munges all this data together and manages his money the best he can. He caws with disdain regularly and walks around seemingly aimlessly.
No more pain in the brave new world, my Crow friend! Similar to the payment relationships, in the future banks will have to provide an automated, much safer and less painful means of transfer, like the way you would connect your Twitter account to a third-party app. The consumers of this data must be licensed in some as yet undefined way. These new information aggregators will be known as AISPs.
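The difference between handing over logon details (today) and the token relationships described for PISPs and AISPs, as an added example that is not part of the original talk. It is a toy Python bank whose class, method and scope names are all hypothetical, since the PSD2 technical standards were not yet published; it shows that a password session can do everything the customer can, while a grant is tied to one party and one purpose and can be cut off on its own.

```python
import hmac
import secrets

ALL_SCOPES = frozenset({"accounts:read", "payments:initiate"})  # hypothetical scope names

class ToyBank:
    """Hypothetical account provider; not a real bank or PSD2 API."""

    def __init__(self, password):
        self._password = password.encode()
        self._grants = {}  # token -> (party, scopes)
        self.transactions = [("2016-06-01", "bookshop", -25.00)]  # constructed sample
        self.payments = []

    def login(self, password):
        # Today: a scraper holding the password gets the customer's full session.
        if not hmac.compare_digest(password.encode(), self._password):
            raise PermissionError("bad password")
        return self._issue("customer", ALL_SCOPES)

    def grant(self, party, scopes):
        # Tomorrow: the customer approves one party for a limited set of scopes.
        return self._issue(party, frozenset(scopes) & ALL_SCOPES)

    def _issue(self, party, scopes):
        token = secrets.token_urlsafe(32)
        self._grants[token] = (party, scopes)
        return token

    def revoke(self, party):
        # Cut one party's link without touching the password or other grants.
        self._grants = {t: g for t, g in self._grants.items() if g[0] != party}

    def _require(self, token, scope):
        party, scopes = self._grants.get(token, (None, frozenset()))
        if scope not in scopes:
            raise PermissionError(f"{scope} not granted")
        return party

    def read_transactions(self, token):
        self._require(token, "accounts:read")
        return list(self.transactions)

    def initiate_payment(self, token, amount):
        self.payments.append((self._require(token, "payments:initiate"), amount))

def allowed(action, *args):
    """Return True if the call succeeds, False if the bank refuses it."""
    try:
        action(*args)
        return True
    except PermissionError:
        return False
```
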
Now I don’t know about you but these changes are exciting. AISPs and PISPs could effectively replace a lot of the functionality of existing banks and allow for some hopefully much richer, simpler, more interesting interfaces, experiences and services. The rules were signed into European law at the beginning of the year and the EU members must all be compliant with the proposals by the start of 2018… but all is not pelvis-thrustingly awesome… although to continue the theme slightly
Now as we saw last week, Europe is a beautifully diverse set of countries who interpret things in many ways. When it comes to PSD2 and the need for some solid standards for APIs, communication and security, variation and creativity might not be the best thing. The directives need to be transcribed by all 28 EU members into local laws; in the UK this will be part of the Payment Services Regulations.
There is another hitch. There will be some Regulatory Technical Standards (RTS) for nine areas relating to these changes, the key ones being around communication methods, i.e. APIs, and strong customer authentication to allow these functions to work. These things are not published yet. They are due ‘this summer’. The final ratification of the standards, though, could take 18 months. The EBA are confident there will be enough published in time for solutions to be created to meet the deadlines. This feels like shaky foundations to me…
Because we do not want the kinds of people that brought you these bloody things to be cobbling together technical standards that will drive the future of banking. We must not let those that forced the situation of today be in charge of the situation of tomorrow or we will end up with some very uncomfortable solution.
The lack of easy access to payments and, more importantly, data has forced awful workarounds that put brave users at risk and stagnate change for the mainstream. Scraping is a necessary evil and I hate that it has to exist. Thankfully PSD2 sounds the death knell for scraping banking data or at the very least ensures better methods will exist.
Thankfully our own fine land is on it. We have the Open Data Institute pulling together some open standards and bringing lots of people to the party. We also have the Competition and Markets Authority this week demanding that APIs be ready by Q1 of next year in the UK for certain types of data. I do hope they have the power and the skill to make this happen… although I do have minor concerns about fragmentation of standards… and it is adding yet more committees and requirements and words to the debate
Which brings to mind the classic battle between the Open Systems Interconnection reference model and the Transmission Control Protocol and Internet Protocol. OSI was debated and designed to the nth degree, technically perfect and backed by regulators, industry and engineers alike… but it lost to something simpler yet flawed. This quote from one of the godfathers of the internet sums it up perfectly. I worry PSD2 technical guidelines will drag on because someone wants to make it a beautiful dream.
Meanwhile companies with real vision are living the dream. Brilliant UK-based companies like Currency Cloud have shown what real platforms and smart APIs can build, GoCardless made direct debit easy, and Mondo and Starling are both building for API-driven worlds with current accounts as a platform. Thankfully some bigger banks are there too: BBVA with their open platform and Citi with their mobile API challenges.
Companies like Stripe have proven the power of treating APIs like products, making the developers real customers and making it easier than ever to make things involving the movement of money. They have raised the standards of the industry tenfold, pushing PayPal to buy Braintree, and Mastercard and Visa to relaunch and redouble their API efforts regularly. These are the kinds of people I want to ensure are involved in the design of solutions for banking’s future.
Another nice little example that I like is Xignite. They provide market data with lovely APIs, and they are building out an ecosystem of parties who all provide data in this same way. More ingredients to build more things. Fintech companies coming together to build something greater than they themselves ever could. My utopian hippy self wants far more openness and collaboration between financial services firms for the benefit of people who want to make better things.
Because we need to challenge the stereotypical attitude of the banker. They are by no means all like this, but still the attitude to PSD2 is: this is our data, we won’t make it easy for those bastards to just come in and steal our customers because we are shit at making decent interfaces. They need to see that decent APIs will benefit their own developers over anyone else. People being able to make things faster than ever before. The smart ones know this; they know they no longer ‘own the customer’ but that they need to integrate well into the customer’s whole financial relationship.
Ultimately I want to see the innovative players drive the market. Yes the regulation is welcome and needed. But what will really make the incumbents move is a mixture of regulation and the fear of missing out. Missing out on how banking will work tomorrow, how easily new players launch products and services, how easily business models are mixed and remixed and how their customers bank with the companies that fit into their lives the best.
PSD2 does feel like an illusory adventure of impossible architecture… but it is certainly a challenge worth facing. Unlike Ada, though, there will be no forgiveness if this does not pan out the way it should. The people who have suffered rubbish banking have suffered long enough. Please let’s not fuck this up.
Thanks very much for listening. Slides and what I was meant to say are published here, I have also included a load of links to more reading material used to make this presentation. If anyone wants to hire me based on my awful presentation puns and passion for European regulation then please do let me know. Cheers.