The deadline for banks to implement the EU Payment Services Directive PSD2 fell on 14 September 2019, according to which banks are obliged to offer so-called “account information services” and “payment initiation services” with strong authentication to third-party providers.
Given that many of our customers use our public APIs and strong push authentication solution for this purpose, why not join them and seize the opportunities of Open Banking as a bank and become a third party? Banks and financial service providers can implement “account information services” and “strong authentication” using a basic multibanking module, and they can expand this module at any time to include additional functions that offer private and business customers an even greater level of convenience and transparency.
The date of 14 September 2019 is also significant as it signalled the end of iTAN lists. There was no need for customers to shred their iTAN lists; they became immediately invalid and useless to those seeking to access funds by fraudulent means. Now, mobile and photoTANs are the norm. As such, financial institutions are implementing the strong authentication as required by the EU Payment Services Directive PSD2. It stipulates that, in online banking, customers must identify themselves using two credentials. These can be from three categories – something that only the customer knows, e.g. a password or PIN, a smartphone or a bank card, and biometric characteristics such as a fingerprint or face. While iTANs may have covered the basics, they were static and lacked the dynamic element. Conversely, mobile and photoTANs meet this security requirement because the transaction numbers are generated automatically.
Banking across accounts and financial institutions
PSD2 obliges banks not only to protect customer accounts with strong authentication procedures, but also to ensure that banking becomes more transparent and convenient. Whether it’s a case of PayPal, Google Pay, an online savings account or the balance sheet in the RoboAdvisor of a fintech, the aim is to enable customers to view all transactions and account balances via one single online banking application. To do this, institutions must open their online banking to third-party providers and aggregate accounts, and they can do this by using multibanking software. The software either connects to the existing online banking system via a set of interfaces or the software serves as a platform for a new portal that contains all functions.
Security also plays an important role when connecting to third-party providers. With our portal, banks offer their customers secure international multibanking services given that data and messages are transmitted only via secure communication protocols such as EBICS 3.0 or XS2A. Once logged in, the user accesses different banking portals within a protected framework without having to log in again. Furthermore, we use the standard EBICS VEU/EDS (Distributed Electronic Signature), and also for non-EBICS protocols.
Open Banking with the aggregation basic module
If, as a first step, banks want to offer account aggregation for their customers, the basic aggregation module is all that is needed to get started. With this, customers can get a flavour of Open Banking as their account statements from external banks are imported and processed. In addition, they can receive electronic documents and invoices and they are aware of their financial situation, including incoming payments and wealth, thanks to detailed and easy-to-understand data visualizations. This makes it easier for them to manage their finances as well as plan their income and outgoings in the best way.
Ensuring an optimum level of convenience and the protection for customers demands a lot of technological effort from the institutions; they have to implement the API for the multibanking solution and connect it with their core banking system. In addition, there must be a process in place that enables customers to permit a third-party provider to access account data. Of course, they can only gain access with the express consent of the account holder. After all, PSD2 applies not only to the private customer business but also to the corporate customer business. Bringing all this together is anything but trivial. For business customers, specific roles and rights must sometimes be recorded and lodged with authorised representatives. We respond to this demand by combining retail, private and corporate banking in one solution.
In addition to the basic aggregation module, the additional payment module is also designed for private and corporate customers. It allows payments to be initiated directly from online or mobile banking, and provided they have suitable interfaces, the solution processes and transmits these payments to all connected banks. Payment orders are clearly displayed, and foreign data formats can also be incorporated into the system as required. Also, business customers can centralize and automate their company-wide payments via the portal.
Liquidity management for corporate customers
The liquidity module is specifically suited to meet the needs of corporate customers. Banks can provide them with a tool with which they can monitor liquidity and planning data as the foundation of good financial control. Corporate customers benefit from precise forecasts based on future and recurring payments. As such, the module enables them to manage their liquidity effectively and efficiently. This module is a good example of how banks not only implement regulatory requirements by using an open platform, but also create added value for different customers. As is so often the case in life, it is a question of perspective: Those who make a virtue out of necessity gain a valuable competitive advantage for themselves.
You can find an overview of all the functions and customer benefits of our multibanking our product brochure, which you can download today!