the worrying fragility of psd2

Slide 1

ADEN DAVIES @ADEN_76 @FINTECHBOTTHE WORRYINGFRAGILITY OFPSD2

Hello. I am Aden and I want to talk about my favourite bit of European Parliamentary legislation and my worry over its wellbeing. PSD2 is the second iteration of the Payments Service Directive a series of proposals to change to European law around the movement of money and transaction data. It will change the way we bank and I really want it to be successful in doing so. 1

What is PSD2

a more integrated and efficient European payments marketlevel the playing field for payment service providersTHE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOTPayment Initiation Services & Account Information Services

Here is the legislative beauty. 90 odd pages of almost impenetrable legalese. Its stated purpose is to make a more integrated and efficient European payments market. And to level the playing field. What it means really is to kick banks assess to open up data and cut out dominant middle men from payments. It will introduce two key things. PIS and AIS. 2

Today - Taking the PISTHE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

MerchantCard Details

AcquirerPayment Request

Card Scheme

Issuing Bank

PAID

Let me try and explain. Ada wants to buy the complete works of M.C. Escher, she takes out her Mondo card (she strickes me as a mondo user) and she inputs her card details into Amazon. The payment request goes off to the acquirer, worldpay this is routed through the card scheme in use, MasterdCard here and then to Adas bank that issued her card. Money sent back for payment to amazon. Amazon keeps the card details on file. Repeat ad infinitum for other merchants. 3

Tomorrow - A piece of PISTHE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

MerchantInitiate

Issuing BankPermitted Payment AllowedConnect Request - TokenPISP

In the new world of PIS. No card details are exchanged. Instead a token based connection is made, The merchant makes a request to Adas bank / card provider for a token based relationship to be formed. This then creates a direct link to Adas account. Unique to the merchant. Ada is in full control. A failing at the merchant means she does not have to cancel cards. The merchant must be licensed in some way to be able to move money in this way. They will be known as PISPs. This change also cuts out all those other pesky mainly American card scheme and allows new players to emerge, it also starts to make current accounts more platform like. 4

Today - A pain in the AISTHE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

Download PDFLogon

LogonDownload CSV

Scrape DataLogon Details

Lets now take a look AIS. Here Crow, who is very organised with his finances as he is saving for a curse lifting procedure, Crow has his main account with Barclays and he downloads the transactions manually every so often in CSV format. Crow has a credit card with HSBC and he downloads his transactions in the bloody useless format of PDF because reasons. He swears. He also has a joint account at Lloyds with his crow lover. This is a semi automatic download and he has given his password details over to money dashboard to scrape his transactions. He is a reckless maverick. He then munges all this data together and manages his money the best he can. He caws with disdain regularly and walks around seemingly aimlessly. 5

Tomorrow - Kick AISTHE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

TransactionsAuth - Token

Auth - TokenTransactions

TransactionsAuth - TokenAISP

No more pain in the brave new world my Crow friend! Similar to the payment relationships, in the future banks will have to provide an automated and much safer less painful means of transfer. Like the way you would connect your twitter account to a third party app. The consumers of this data must be licensed ins some as yet undefined way. These new information aggregators will be known as AISPs. 6

EU must be compliant by Jan 13th 2018PSD2 came into effect Jan 12th 2016THE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

Now I dont know about you but these changes are exciting. AISPs and PISPs could effectively replace a lot of functionality of exisiting banks and allow for some hopefully much richer, simpler, more interesting interfaces, experiences and services. The rules were signed into European Law at the beginning of the year and the EU members must all be compliant with the proposals by the start of 2018.but all is not pelvis thrustingly awesome.although to continue the theme slightly7

Laws interpreted by 28 countries!THE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

Now as we saw last week, Europe is a beautifully diverse set of countries who interpret things in many ways. When it comes to PSD2 and the need for some solid standards for APIs, communication and security variation and creativity might not be the best thing. The directives need to be transcribed by all 28 EU members into local laws, in the UK this will be part of the Payments Services Regulations.

8

and technical guidelines 18 months behindTHE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOTAll done by 2Q 2019?

There is another hitch. There are will be some Regulatory technical standards., RTS for nine areas relating to these changes. The key ones being around communication methods i.e. APIs and strong customer authentication to allow these functions to work. These things are not published yet. They are due this summer. The final ratification of the standards though could take 18 months. The EBA are confident there will be enough published in time for solutions to be created to meet the deadlines. This feels like shaky foundations to me.9

From the makers of these bloody things...

THE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

Because we do not want the kinds of people that bought you these bloody things to be cobbling together technical standards that will drive the future of banking. We must not let those that forced the situation of today be in charge of the situation of tomorrow or we will end up with some very uncomfortable solution.10

From the makers of these bloody things......comes strong customer authentication


Because we do not want the kinds of people that bought you these bloody things to be cobbling together technical standards that will drive the future of banking. We must not let those that forced the situation of today be in charge of the situation of tomorrow or we will end up with some very uncomfortable solution.11

Death to scraping!THE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

The lack of easy access to payments and more importantly data has forced awful workarounds that put brave users at risk and stagnate change for the mainstream. Scraping is a necessary evil and I hate that it has to exit. Thankfully PSD2 sounds the death knell for scraping banking data or at the very least ensures better methods will exist.12


Thankfully our own fine land is on it. We have the Open Data Institute pulling together some open standards and bring lots of people to the party, we also have the competition markets authority this week demanding that APIs be ready by Q1 of next year in the UK for certain types of data. I do hope they have the power and the skill to make this happenalthough I do have minor concerns about fragmentation of standardsand it is adding yet more committees and requirements and words to the debate13

THE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOTOSI vs TCP/IPAPPLICATIONPRESENTATIONSESSIONTRANSPORTNETWORKDATA LINKPHYSICALAPPLICATIONTRANSPORTINTERNETNETWORK ACCESSOSI is a beautiful dream,And TCP/IP is living it! Einar Stefferud

Which is bringing to mind the classic battle of the Open Systems Interconnection reference model and Transport Control Portal and Internet Protocol. OSI was debated and designed to the nth degree, technically perfect and backed by regulators, industry, engineers alike.but it lost to something simpler yet flawed. This quote from one of the god fathers of the internet sums it up perfectly. I worry PSD2 technical guidelines will drag on because someone wants to make it a beautiful dream. 14


Meanwhile companies with real vision are living the dream. Brilliant UK based companies like Currency Cloud have shown what real platforms and smart APIs can build, Go cardless made direct debit easy, Mondo and Starling are both building for API driven worlds with current accounts as a platform. Thankfully some bigger banks are there too, BBVA with their open platform and Citi with their mobile API challenges. 15


Companies like Stripe have proven the power of treating APIs like products, making the developers real customers and making it easier than ever to make things involving the movement of money. They have raised the standards of the industry ten fold, pushing PayPal to buy Braintree, Mastercard and Visa to relaunch and redouble their API efforts regularly. These are the kinds of people I want to ensure are involved in the design of solutions for bankings future. 16

Mention Xignite API revolution? http://resources.xignite.com/h/i/138320575-xignite-21-innovators-join-forces-to-launch-the-fintechrevolution-api-ecosystemMore ecosystem building. More webs not walls. https://uk.pinterest.com/pin/294422894361212771/THE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

Another nice little example that I like is Xignite. They provide market data with lovely APIs, they are building out an ecosystem of parties who all provide data in this same way. More ingredients to build more things. Fintech companies coming together to build something greater than just they themselves ever could. My utopian hippy self wants far more openness and collaboration between financial services firms for the benefit of people who want to make better things. 17

THE MOST VALUABLE COMMODITY I KNOW OF IS INFORMATION

GORDON GEKKOCORPORATE RAIDER - JACKSON STEINEMTHE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

Because we need to challenge the stereotypical attitude of the banker, they are by no means all like this but still the attitude to PSD2 is this is our data we wont make it easy for those bastards to just come in and steal our customers because we are shit at making decent interfaces. They need to see that decent APIs will benefit their own developers over anyone else. People being able to make things faster than ever before. The smart ones know this, they know they no longer own the customer but that they need to integrate well into the customers whole financial relationship. 18


REGULATIONFOMO >

Ultimately I want to see the innovative players drive the market. Yes the regulation is welcome and needed. But what will really make the incumbents move is a mixture of regulation and the fear of missing out. Missing out on how banking will work tomorrow, how easily new players launch products and services, how easily business models are mixed and remixed and how their customers bank with the companies that fit into their lives the best. 19

AN ILLUSORY ADVENTURE OF IMPOSSIBLE ARCHITECTURE

AND NO FORGIVENESS

PLEASE LETS NOT FUCK IT UPTHE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOT

PSD2 does feel like an illusory adventure of impossible architecture.but is certainly a challenge worth facing but unlike Ada there will be no forgiveness if this does not pan out the way it should. The people who have suffered rubbish banking have suffered long enough. Please lets not fuck this up. 20

Hire me/help me get hired. Photo of the boys holding a hire my daddy he is not a complete idiot sign?

Website Linked inAden_76FintechbotShow my old tweet? URL to the slides publish beforehand.URL to the write up not slideshare. But there as well.

T.HANKSTHE WORRYING FRAGILITY OF PSD2 @ADEN_76 @FINTECHBOTSlides etc.http://bit.ly/ustwo-AD76

Thanks very much for listening. Slides and what I was meant to say are published here, I have also included a load of links to more reading material used to make this presentation. If anyone wants to hire me based on my awful presentation puns and passion for European regulation then please do let me know. Cheers.21

the worrying fragility of psd2

Technology