Open banking describes the process carried out by banks and/or other traditional financial institutions that offer customers and third parties easy digital access to their financial data, including the ability to download and share information on account balances, payments, transactions and investments. The term can also refer to allowing third parties to initiate transactions from a customer’s account, such as sending a payment or withdrawing money. Essentially, open banking gives people the opportunity to share their financial account data to access certain innovative financial services, sharing data with service providers, understood as different institutions or third parties, to potentially benefit from them.
Open banking, in short, is a system that enables secure interoperability in banking by allowing third-party organizations to access data through the use of application programming interfaces or APIs. Due to the continuous evolution of the global economy, open banking is becoming more and more commonplace as it enables faster and more secure transactions everywhere, giving consumers more opportunities – through the use of third parties – to manage their finances. In this scenario, banks allow access and control of customers’ personal and financial data to third-party service providers, which are typically technology start-ups and online financial service providers. Customers tend to be required to grant some sort of consent for the bank to allow such access. APIs (commonly referred to as Application Programming Interfaces) are programming interfaces, which allow software to communicate with each other by means of well-defined commands and can thus make use of shared customer data (and data on the customer’s financial counterparts). Their use could include a wide range of financial services options, including the aggregation of data between financial institutions and participating customers or the execution and processing of new transactions and account changes on behalf of possible customers.
How PSD2 works
PSD2 is a European regulation on electronic payment services that aims to make payments safer in Europe, promoting innovation and acting as an aid to banking services that need to adapt to new technologies. PSD2 is proof of the growing importance that APIs (Application Program Interfaces) are gaining in various financial sectors. In 2007, the Payment Services Directive (PSD) sought to contribute to the development of a single market for payments in the European Union in order to promote innovation, competition and efficiency in the EU, and in 2013, the European Commission proposed an amendment that aimed to reinforce these objectives by focusing on improving consumer protection, but above all by simplifying the development of new payment methods and e-commerce.
PSD2 (Payment Services Directive 2), the digital payments directive, was the driving force behind the Open Banking concept, regulating ‘payment services and payment service providers within the European Union’. It came into force in Italy on 14 September 2019, proposing to increase the security margins of the payments market, increasing consumer protections and stimulating innovation and competition. In a nutshell, the ultimate aim of open banking is to promote the development and spread of innovative payment systems by encouraging banks to share the information they hold on payments and current accounts with other companies. PSD2 has made the financial scenario increasingly competitive and cutting-edge, basing core activities on people’s needs. Another important development of PSD2 is the introduction of new security requirements, the so-called Strong Customer Authentication (SCA), which entails the use of two authentication factors for banking transactions that were previously not required, including payments and access to accounts online or via apps, as well as a stricter definition of what counts as an authentication factor.
What will change with PSD3
European priorities and strategies regarding the digital finance landscape are constantly evolving: just over two years have passed since PSD2 came into force in Italy, and there is already talk of a PSD3 protocol, which will fully realize what PSD2 promised regarding Open APIs and Open Banking. For a market to be well-functioning, it has to take into account consumer needs and technological advances, not forgetting social and economic conjectures, so the new revision of the Payment Services Directive will be prepared by the European Commission, with the aim of regulating electronic payments and the banking ecosystem as a whole in the European Economic Area (EEA). Still at an embryonic stage, PSD3 is not expected to fully enter into force until 2026, bringing key improvements to the current regulation, focusing on security, consumer rights and the value of services and products offered in the current financial landscape.