Consumer trust in new services in the age of open banking
The financial industry has for the last decades educated consumers about fraud and the importance of protecting bank credentials. Consumers have been told how fraudsters will attempt to steal and use their sensitive information and the easiest way of protection is to never trust a third party asking for bank credentials.
And then came the Payment service directive (PSD2).
The European Union’s revised directive has opened a new era for the European payment industry. One of the purposes behind PSD2 is to allow customers’ accounts to be accessed via application programming interfaces (APIs). Services enabled by the directive are entirely new types of payment services, namely third-party payment initiations, provided by Payment Initiation Service Providers (PISPs), and third-party account access provided by Account Information Service Providers (AISPs).
In other words, if consumers want to utilize new types of payment services, they need to start trusting third parties asking for their bank credentials.
Security requirements and regulations have fundamentally changed with PSD2. The revised directive allows consumers access to account information and make payment transactions from both their existing digital banks as well as new payment services offered by third party provider (TTP).
Banks are however responsible for providing a secure infrastructure for TPPs. This will be a major challenge for banks because in order to prevent fraud in real time, most banks use packaged software whose fraud scoring models are trained over a period of 18 to 24 months. That means that after PSD2 introduces new transactions through TPPs, it will take around two years for the banks to generate scores reflecting the transaction risk.
In order to prevent fraud, banks should facilitate payment trails and TPP checks. Enfuce regulatory compliance service offers a full payment trail with TPP validation checks and an exact trail on how payments have been strongly approved by the account owner.
Trust is a shared responsibility
The question that arises is who takes responsibility for building confidence among consumers to utilize new types of financial services? Is it the banks? Third party providers themselves? I say it’s everyone’s!
In order to thrive, banks need to view PSD2 compliance as part of a broader digital transformation and learn to collaborate rather than compete . For banks it’s essential to keep a trusted relationship with their customers, so that they feel assured that banks handle their data with utmost security, especially when accessing it from a TTP’s service.
Compliance and security should be a top priority for everyone within the payment ecosystem. If we deliver secure services without hick-up’s the consumer trust will be earned!
More information on Enfuce Open Banking services here