Merdihan Ismailov, Chief Digital and Information Director, IRIS SOLUTIONS:
Open banking and instant payments enable payments in 10 seconds
Mr. Ismailov, what will change in the area of payment security PSD3?
We still only have a proposal to change the current Second Payments Directive PSD3. The documents from the European Commission are in discussion before they will be voted on. In practice, the introduction of the updated payment directive will be delayed over time, because numerous by-laws will be updated along with it. The time period for entry into force is 18 months after its vote.
PSD2 took an extremely big step towards increasing the security of the countries participating in the process. It introduced clear rules for the protection of payers and commitments to issuers of payment instruments. Of course, the introduction of Strong Customer Authentication (SCA) or the introduction of obligatory two-factor authentication already help the significant drop in unauthorized transactions. This is an unqualified success of the Second Payments Directive. Therefore, in this direction, the update proposal does not include significant changes. But still there are those who aim to achieve even more secure payments in Europe. These are for example:
- New regime and requirements when assigning SCA;
- Provisions to improve the accessibility of SCA for all customers, including the disabled, the elderly, people with less digital literacy and those who do not have access to digital channels or a smartphone;
- Service providers will be required to have transaction monitoring mechanisms in place to ensure SCA enforcement and improve the detection of unauthorized transactions;
- In the case of credit transfers, the payee's payment service provider checks free of charge, at the request of the payer's payment service provider, whether the unique identifier and the payee's name match or not. It then communicates the result to the payer's payment service provider. If the unique identifier and the name of the payee do not match, the payment service provider shall notify the payer of any discrepancy and inform him of the risk.
The other main subject in PSD2 is open banking, whereby third-party fintech companies can gain access to banks' clients data? Why is this
important when many end users believe they should not have their data used by organizations with which they have no affiliations?
The answer to this question is hidden in the essence of open banking and why all participants in the process of its introduction and distribution in the financial markets fail to make it popular. The main purpose of open banking is to present access to the real owner of this data. This is the customer of the financial institution. Before open banking, customer data was locked away in financial institutions' systems and access to it was tied to the institution's willingness to provide access to it. This only happened in channels and services controlled by these institutions.
One of the main reasons why open banking is not widely used by all users is that not enough effort has been made by all actors to explain that access to this data is not unlimited. Not everyone can access to your bank details.
The data is accessed only and only after the express consent of the account holder in the bank, and this is confirmed by the same method and level of security with which you approve a payment, namely by means of two-factor identification. It is the task of companies like Iris Solutions, but not only banks, the media, non-profit organizations and regulators, to educate people. It is important to avoid this misunderstanding and distortion of the truth that open banking implies uncontrollable access to their data.
Banks have been fighting for the client’s data for years, how can you guarantee that data, identification and payments are secure ?
Data in banking systems is our data. They are related to what transactions we have made, what we have paid, where we have transferred funds, where we have received funds from. It is our most natural right to have access to them. It is a user right to be able to handle this data in the way I want, to share it with third parties and to receive benefits for it. I would even answer quite provocatively - why do you think that the rest of the parties receive the data ready, when actually the bank receives it ready only because my employer required me to have an open account with them? As we know datais the most expensive resource at present, and the bank does not in any way reward me for choosing it as my bank. And they use them in various analyses, create new products based on them and profit from it.
I'll give you an example - which bank would you turn to for a loan if you needed it?
Of course, to the bank where you have an open account and receive your income. Based on these and other additional data, the bank will make an assessment and offer you certain price conditions. But if as a consumer I decide they don't suit me and I go to another bank for the same assessment, then that bank won't have access to my transaction history from the bank where I get my salary. This puts the second bank in an uncompetitive position. She doesn't have access to the full picture for me and therefore I won't be able to get the best offer.
Imagine that I have accounts in several banks. How much easier and cost effective it would be to give access to their data to any one or even another and have them compete to get me as a customer.
Banks have always claimed to have a 360-degree view of their customers, but the reality is quite different. A large part of bank customers use financial products from the fintech industry, which successfully compete with banks. РOthers have accounts at various banking institutions. A truly complete picture for a bank customer is only possible through open banking.
Open banking actually improves the competitive environment in the financial business. This reflects in better, easier and cheaper services for end users. Therefore, no one in these circles is under the illusion that it is superfluous or doomed to failure. Any business can benefit from access to bank data and leverage it for revenue generation and innovation.
Regarding security in open banking, when sharing data, there are only two parties who have access to it. These are the bank, the bank's customer and the recipient that the bank's customer has authorized to receive them. Third party providers such as Iris Solutions are not regulated by law to access the data and should only ensure the safe and easy transfer. Your data falling into unauthorized hands through open banking is only possible if you provide access to them. In the case of payment operations through open banking or the so-called account-to-account type transactions. The level of security is the same as if you initiate transactions on the Internet or your bank's mobile banking.
What are the innovations in this field to make payments easier and more secure?
Open banking or account-to-account payments are not new to the market, they use the available national and pan-European technological infrastructure for credit transfers.
Until recently, the technology behind them did not allow them to compete with card payments in terms of their speed and ease of use. But with the introduction of instant payments, this is now different. The combination of open banking and instant payments allows you to settle with the counterparty and have the funds available in the account within 10 seconds.
The payment process is neither more difficult nor less secure than card payments PSD3 will make A2A payments even more attractive. Until now, the third party could not easily verify whether the customer's account had the necessary amount of funds to cover a payment. With the change, every bill issuer is obliged to provide this information, which will increase the efficiency of this type of payment.
An example of the successful use of account-to-account payments is the Dutch Ideal system,which has been on the market for almost 20 years, long before open banking, and serves about 25% of payments in the country. Emboldened by the success of this and similar schemes, the European Commission, through the European Banking Authority and national regulators, is increasingly devoting resources to making open banking payments attractive. It becomes possible to introduce new methods such as mass payments, payments with a future date, periodic payments, which will lead to their faster penetration in all markets.
We're all talking about Embedded Finance and how it will change the way we bank. Reality shows that through open banking is the fastest and easiest way to make this happen.
In recent months, we have been trying to impose a single name for A2A payments through Open Banking in the country - "Pay by bank", which we hope would gain its familiarity like the card payments.
Why are legislative developments like PSD3, Financial Data Access and Payments Package, and Digital Euro advancing together as a package?
PSD3 and FIDA are linked, as Financial data access regulation is actually the next level after Оpen Бanking. The goal of this legislative initiative is to grow open banking data into Open FinanceIn this way, data owners across the financial industry will be able to share data about their banking products, insurance, pension accounts, investment accounts and more with third parties, and to receive new financial and non-financial services based on them. Imagine what that means? This is a complete 360-degree view of the financial products used by a customer. How much more valuable would this be as information when you want to get the best, fastest and most cost-effective product for you.
Therefore, it is more than normal for the two packages to go together, even though the approaches chosen by the regulator to manage Open Banking and Open Finance are totally differentMy expectation is that in the future this will create difficulties in the joint implementation of the two initiatives. But the long-term perspective before us is set, and it is pan-european open data. In accessing bank data, the ideology of openness and freeness was preserved. With Open Finance, given the characteristics of some of the data, the principles of the European Data Act are followed more closely, where a financial benefit is also sought for the party storing the data. Financial institutions will be able to charge fees to parties accessing the data and monetize their data.
In the initial stages of introducing the digital euro, regulation was seen as separate and expected to have a life of its own. Mainly due to bureaucratic obstacles, its introduction was delayed and was presented together with the other two changes. To some extent, this seems reasonable given the digital transformation they all bring.
You're likely frequently questioned about the advantages of open banking for customers in particular and how it alters the ways in which we pay or utilize our data, cards, bank accounts, and digital wallets?
We have already mentioned a large part of them. But the first and most important is that it gives access to the bank data of its real owner - the bank client. The customer decides whether to use them and receive benefits from themOpen banking enables various fintech institutions to create innovative products, optimize processes and functionalities. It increases the competitiveness between financial solutions and obtaining financially more profitable products and services from end customers.
We are partners with a number of industries that are using Open Banking in their operations. These are accounting software and ERP systems, PFM-software for personal financial management and financial literacy, analysis of credit and other types of risks, loyalty programs, e-commerce and many others.
The big surprise for us is that an industry like accounting, perceived as conservative in nature, is an innovator in the field of Open banking. Already with 70% of accounting software in the country, it is possible to monitor the movements of bank accounts from different banks and to order transfers from them without the need for the accountant to access the digital channels of the banks separately every day. This front-end access to bank data allows accounting software to automate a significant portion of accounting operations using machine learning and artificial intelligence. Most loyalty programs are based on your transaction history with a card product. Open banking is helping significant development in this business activity. It enables similar programs to be implemented at the interbank level and for end users to benefit from the preferences of a given merchant for all their transactions, not just for those with one issuer of a card product.
In the area of payments, when they are organized through open banking you have a much faster, more secure and more cost effective service. For example, a payment from a customer to an online merchant through open banking can be between 2 and 5 times more profitable for the merchant.
What are the levers for influencing the banking market while simultaneously protecting its stability, and how does the BNB participate in and regulate the directive implementation?
The BNB, in its capacity as a national regulator, is an integral part of the processes related to the introduction of the changes under the updated Payments Directive, as well as partially in the other two. If we look at open banking in particular, we should mention that our national bank has built a serious team and knowledge through which it manages the processes in the country. It exercises very strict control over both account servicing providers and third party providers such as Iris Solutions. Very often during our international participations we proudly share and also receive admiration from companies in other countries for their commitment to open banking being well developed in the Bulgarian financial market. A large part of the updates in the new payment directive have already been commented on by the BNB. The are directed as a requirement for introduction by local ASPSPs - not only banks, but also payment institutions.
While two or three years ago, it was mainly discussed how available the public interfaces of the providers of service accounts are? Today the focus is now their quality and how useful and easy the services delivered through them are for end customers, so that they become more and more popular.
The regulatory SANDBOX a pressing issue that hasn't moved for years. What needs to happen for innovation to happen more quickly in the fintech industry and the financial industry at large?
This is a big topic that unfortunately has no development. Large part of the countries around us have introduced a regulatory sandbox, which clearly corresponds to the degree of development of their fintech industries. The ability to pre-test all of the regulator's services will put every industry on a completely different playing field. This will significantly increase the competitiveness of Bulgarian startups and turn our country into an even more attractive destination for payment business development. As a member of the Bulgarian Fintech Association, Iris Solutions consistently supports the initiative to structure a regulatory sandbox and we strongly hope to have a solution soon. The regulatory changes from the European Commission should make our regulators and government institutions think even more about creating such a controlled environment. This is important for the development of innovations in the market, but also the acquisition of additional knowledge from them about the different types of fintech services, products and their benefits for end users.