Reading up on the latest developments in PAAS I experienced a very strong deja-vu feeling: the banks are not in a position, nor do they want to be apparently, to create a common interoperable standard together while true interoperability is critical to the success of PAAS. I have seen this happening all before with SEPA CSM interoperability (see Half-baked CSM interoperability, SEPA: a Missed Opportunity for True Payments Standardisation). Will history repeat it self again?
Background: What is PAAS?
- The update of the Payments Service Directive – a.k.a. “PSD2” – introduces Payment Account Access Services (PAAS), also referred to as “Access to the Account” (XS2A).
- PAAS will allow so called Third Party Providers to gain access to the bank accounts at an Account Servicing Payment Service Provider for information retrieval like balance checks and related customer information and last but not least payment initiation. With PAAS it is expected that it will become easier for providers to offer payment services to merchants and consumers.
- Customers are to give consent in an express manner to TPPs to access their payment account and initiate payments on their behalf.
- The European Banking Authority (EBA) is given the task by the ECB to develop, in close collaboration with the ECB, ‘common and secure open standards of communication’.
- PAAS is only in an early phase of development, much work is still to be done. Large scale deployment of EU-wide standardized services is expected to take considerable time.
Earlier coverage at RPD
I have been posting on the subject at Red Planet Dust a few times and these posts are among the most read posts:
1) PAAS cannot be seen apart from the developments in payments value chains, the app and browser based networked interaction between economic agents. The changes in payments value chains as part of a changing reality between economic actors in our networked society have been covered as well (see:PAAS gateway to MintChip or Ripple-like transaction networks?);
2) PAAS could proof an opportunity for the banking community, leveraging their core asset of the payment account.
Conditions to make PAAS a success
PAAS offers opportunities when defined, implemented and governed in an adequate manner. Many aspects of PSD2 are still unclear. The PSD2 does not sufficiently cater for interoperability on its own. To avoid the risk of fragmentation interoperability will need to be established by regulation as mandatory for all.
Standardization is key to the effective and scalable implementation of PAAS. A ‘standardized interface’ to bank accounts should be offered by banks for which independent service providers or developers can create products and services. Industrywide standardization of a European interface for payment account access – will create benefits for all involved:
- Create scheme: Business rules, including technical and operational arrangements could be defined in a PAAS payment scheme to which all actors should adhere mandatory;
- The governance of and compliance to the standards will have to be organized by a designated body or party or, alternatively, these aspects can be included in the PSD2 which needs to be transposed into national law;
- Establishing (implicit) contractual relations between „Banks” and TTP’s/PSP’s involved in the payments chains – creating a legislative and supervisory framework preventing the necessity of bilateral contracts between all parties involved;
- Detailed technical API library to be described in an interface framework including security features to allow for interoperability, most notably between TTP and AS PSP;
- A EU-wide method for establishing Strong Consumer Authentication balancing a seamless user experience and technical/security features between TPP, AS PSP, merchant and buyer.
Looking at the stakes involved for banks and the competitive, contractual and technical environment involved the industry aspiration with PAAS should be to create effective interoperability which can – in my view and based on my experience – only be established if the area of „cooperation” is maximized and mandated to all.
Providing a standardized controlled access to the bank account can help reduce and simplify the multiple layers observed today and are expected to provide new value to both banks and alternative providers. If the conditions for interoperability are not met banks will become less relevant as the third parties will create accounts themselves.
The crucial interest for banks to create e.g. PAAS is to prevent substantial fragmentation, create technological interoperability and contractual arrangements between parties arranged at scheme or even regulatory level.