The rise of the non‐bank
The introduction of PSD2 has had a hugely powerful effect on the financial services industry, driving a wave of fintech startups and forcing banks to transform and innovate in ways they never have before, ultimately providing a better and more secure service.
When the Payment Services Directive II (PSD2) came into force in 2018, it accelerated the generation of open banking. As a follow‐up to the original PSD, which was designed to create a common European banking payments service, PSD2 introduced new customer rights around surcharges, currency conversion and complaints handling, along with extra authentication measures for payments. However, it’s the enablement of third party access to data from the UK’s biggest banks that has had the biggest impact.
As electronic payments evolved, the European Union felt the need to introduce a directive to stimulate competition in the payments space while regulating security requirements for its stakeholders. PSD2 was therefore designed to unlock access to banking and break the stranglehold that large retail banks have on customers. Now, third parties can provide new services, such as the ability to see all of your banking funds and services in one place, even if they are held with different institutions.
PSD2 has subsequently opened the market. Previously, established banks could control their own customers because no one else had an opportunity to provide services to them. That’s now changed and the impact is being felt, fuelling the rise of tech‐driven ‘non‐banks’. According to recent research by Pepper, a mobile bank created by Israel’s Bank Leumi, two‐thirds of financial decision‐makers believe PSD2 has already given tech companies a distinct advantage over traditional banks. Eight in ten said banks aren’t innovating fast enough to meet changing consumer demands for digital services, and half said the incumbent banks are at least three years behind their fintech rivals.
“Most new players to the banking sector are tech companies first, built with a digital core and solely focused on the customer,” says Michal Kissos Hertzog, CEO of Pepper. “They aim to make banking as easy as WhatsApp, as fun as Facebook and as sociable as Instagram. With a digital core, they can respond quickly to market demands and changes. And by moving away from a profit and loss business model and a culture that traditional banks are still guilty of having, new players have the flexibility to dig into their data and provide solutions that really understand what their customers want. In turn, they win their loyalty, which is big challenge facing the banking industry today.”
Most new players to the banking sector are tech companies first, built with a digital core and solely focused on the customer
- Michal Kissos Hertzog, CEO Pepper
Despite the clear threats, 56 percent of the survey’s respondents said open banking is also an opportunity for traditional banks to change and become more customer‐centric. “Incumbents have recognised they need to act to capitalise on the opportunity,” Ms Kissos Hertzog adds. “To compete with new players, traditional banks are increasingly looking towards adopting a digital core in which they can effectively make use of the data they own for the benefit of their customers. Banks with agile and lean systems that enable them to update their offering quickly and efficiently will meet consumer demands for more valuable, convenient and easy banking experiences. These will be the players that thrive. Those that don’t will fail to seize the opportunity of open banking.”
The major challenge that traditional banks face to innovating in the open banking age is the huge weight of legacy systems and processes they have to carry with them. Banks are huge and complex organisations, with many different customers and services. The move to cloud and the use of micro services and devops may have accelerated their ability to be agile, but fresh startups will always be able to change and adapt faster.
Non‐banks have promoted more transparent and competitive pricing to disrupt several markets including banking, foreign exchange and savings. Digital‐only platforms have also driven speed of adoption and the ability to expand into new geographical markets quickly. Revolut is one example of a company leveraging these advantages to expand at pace into all EEA countries, Switzerland, Canada, Singapore, the US and Australia.
By not having to worry about legacy infrastructure, non‐banks can be more efficient and proactive in their embrace of new technologies to gather customer and market insights. This allows the challengers to successfully break through the traditional finance market because they understand what their customers value, and have the dexterity to deliver new features quickly within an engaging user experience. As a result, banks are increasingly looking to copy fintech formulas as adjacencies to their core business, such as Bo, RBS’s challenger bank brand, rather than reform their legacy brand propositions.
“Open banking and PSD2 standards have led to the creation of new technologies that allow third parties to safely and securely access customers’ current account data at their request,” says Jake Ranson, who worked on the implementation of the world’s first live open banking journey with HSBC and is now chief customer officer at Freedom Finance, a fintech lending platform. “This means there’s a big opportunity for more fintechs to plug into traditional banks and build new services that are useful for customers.
Stephen Gailey, head of solutions architecture at Exabeam and previously head of information security services at Barclays, adds: “Retail banks have been very slow to change, as stability was more important than innovation for them. As that changes, they are embracing these new services so they can compete with the new breed of non‐bank offering services to their customers. They are rushing to improve online services to customers in an attempt to ensure that non‐banks do not gain too great a lead on them.”
New security measures enforced in PSD2 have placed financial services firms under even greater strain. Banks don’t have a great history with increasing security. Every new innovation is typically hailed as a major improvement to security and something that will help tackle fraud. But while the likes of chip and pin and online banking were supposed to defeat the fraudster, both instead have helped them become more effective.
PSD2’s introduction of Strong Customer Authentication (SCA), which forces anyone processing electronic payments to require a minimum of two independent authentication elements when challenged by a card issuer, may have the right intentions but the extra verification has also frustrated customers, leading many to abandon their shopping basket. The financial services industry has therefore faced the conundrum of how to secure payments and ensure PSD2 compliance while minimising disruption to the user experience.
As it stands, SCA dictates that any payment above €30 must be challenged, but this can be increased to €100, €250 or even €500 if the bank has a very strong fraud detection rate. For many, this has meant a pretty significant overhaul of their financial fraud detection system, so it can consume as much data about cardholders as possible and make more informed decisions on if a payment could be fraudulent and act accordingly.
Non‐banks once again have an advantage in this area because they typically have a younger, more mobile‐first and tech‐savvy customer base, making it easier for them to deploy app‐based two factor authentication. Traditional banks, on the other hand, typically have an older, more diverse customer demographic, with different levels of digital literacy, which makes it far trickier for them to roll out and enact any change.
Challenger banks can use smart devices as a second level of authentication
-Daniel Cohen, director of fraud and risk intelligence, RSA Security
“Not only are digital‐native customers used to verifying their identity on their smartphones, but challenger banks can also use these devices as the second level of authentication,” says Daniel Cohen, director of fraud and risk intelligence at RSA Security. “While it’s hard for traditional banks to find a solution that suits their more age‐diverse customer base, they need to work out a strategy that accommodates different consumer habits. This should include multiple authentication methods to ensure compliance across the board, such as biometric solutions for younger customers and more traditional authentication tokens like card readers for older customers.
As the number of digital payments and other financial services continues to skyrocket, there is no doubt that PSD2 will lead to improved services and security for customers. The most successful banks will be those that embrace rather than fear open banking, becoming software powerhouses in their own right. Considering the most profitable banking customers are aged 25 to 40, the need for banks to balance innovation, convenience and security in a way that minimises friction to users is crucial. Traditional banks will lose their foothold to non‐banks if they can’t meet these demands.