Fintech has been knocking on the door of the financial services industry for a number of years, driven by huge developments in payments and accounts technology and an explosion in customer data. But the arrival of the second payments services directive (AKA PSD2) earlier this month has put fintech firmly in the driving seat, promising to change the face of financial services forever. By finally ending the monopoly of the big banks over our money, PSD2 clears the way for a whole host of exciting new financial products – and lucrative business opportunities.  

So, what do you need to know?

Why has PSD2 been introduced?

As with many areas of the law, the rapid development of technology simply wasn’t covered by the original payments services directive, passed way back in 2007. As a result, fintech providers faced huge regulatory barriers to entering the market, giving the big banks an unfair competitive advantage. PSD2 solves this problem, providing a framework for the use of new technologies – and most importantly, customer data - giving consumers more choice and control over how they manage their money, combined with the peace of mind that their security is protected.

What are the main changes?

The key change brought in by PSD2 is that banks are now required to give third-party providers access to customers’ accounts and payments details – where the customer has authorised them to do so. That means banks are opening up their application program interfaces (APIs) to communicate with third party providers, which can use this information to layer a whole host of imaginative new services on top.

What kind of services will now be possible?

The third-party providers in question fall into two categories: AISPs and PISPs.

AISPs (Account Information Service Providers) use account information to aggregate your financial data, with the aim of helping you to track your spending or manage your money better. We’ve already seen various fintech start-ups positioning themselves in this space, such as MoneyHub, which lets you manage all your bank accounts, pensions and investments in one place and OnTrees, which also helps you with tracking your expenses and budgeting. We’re sure to see plenty more popping up throughout 2018.  

Then the other category is Payment Initiation Service Providers, which not only access customer account information, but also initiate online payments on your behalf, replacing your debit/credit card or online banking. We all know about payment services such as PayPal and Transferwise, but we’re likely to see even more handy payments options emerge, following in the footsteps of trailblazers such as Curl, which lets you pay anyone in the network based on their @username, offers hands-free shopping and smart receipt and Circle - one of our favourite startups of 2017 - which lets you send money like a text.

What about regulatory and security requirements?

Of course, there are certain hoops to jump through if you want to get in on the action. Under PSD2 any AISP or PISP must be registered, licensed and regulated at an EU level, and adhere to a number of security requirements, including:

1.     Internet transactions will require at least two of the following:

·       Something only the user knows, e.g. a pin or password

·       Something only the user has, e.g. a payment card

·       Something the user is, e.g. a unique fingerprint  

2.              Remote transactions will require an extra level of security in the form of a unique authentication code

What could go wrong?

When you’re handling payment and financial details, there are always going to be risks involved, so it’s vital that fintech providers are prepared for all eventualities. What if a payment accidentally goes through without the authority of the customer, or cyber criminals get access to customer data? It’s because of these risks that PSD2 legally requires that PISPs and AISPs have a specific type and level of professional indemnity and cyber insurance cover in place, to ensure the customer isn’t left out of pocket. The right insurance will also protect fintech firms against legal and compensation costs, as well as some fines (where insurable by law), if they are found in breach of the regulations.

There will no doubt be plenty of innovators entering the fintech market in the coming months, eager to take advantage of the opportunities on offer. But as they eye the potential rewards, entrepreneurs must always keep in mind the risks of getting it wrong, to ensure they make an impact for the right reasons.

About Digital Risks

Digital Risks is a specialist insurance provider that focuses 100% on the needs of digital businesses. As a fintech specialist, we’ve worked with one of the leading providers in the market to build a specialist PSD2 policy, to meet regulatory requirements and give you the peace of mind that you’ll be protected. We can also help you calculate the level of cover you need, based on your unique risk profile. To discuss your needs further and get your business protected for PSD2, book an appointment with one of our team.