A Payment Service Directive 2 (PSD2), fully enforced in the EU in the wake of 2021, defines new regulated service providers that can enter the payment market, unitarily named as Third Party Providers (TPPs).
Under the PSD2, financial institutions can register two types of services for a license to offer. Firstly, institutions that provide PSD2 Account Information Services (AIS) can access specific customer account data to provide a service.
Secondly, institutions offering Payment Initiation Service (PIS) can initiate payments into or out of the user’s bank account(s).
TPPs require customers’ consent to be allowed to operate on users’ personal information and accounts. These services are made possible by PSD2 requiring banks to “open up” by implementing data sharing and account interactions into banks’ Advanced Programming Interface (API).
This article will focus on AIS, and the impact PSD2 brings to providers of such services.
PSD2 changes that enabled AISPs
Since PSD2 was introduced in January 2018 and then postponed until the start of 2021, this directive demanded banks create technical conditions, like banking APIs, to share consented customers’ data with TPPs.
It is also required for banks to allow customers the free choice of providers they wish to share account information.
The new directive has brought many changes to the banking sector. New services improve customer experience and create competition within the personal finance market.
Most of those improvements come from solutions and services developed by one of the new regulated institutions – AIS providers (AISPs). In this respect, PSD2 provides a level-playing field in the payment market for businesses to compete with banks and enables new apps and services to create a straightforward and more compelling consumer experience.
Difference between PIS and AIS
While the acronyms of these two regulated services from PSD2 are similar, their operations differ from the core. On the one hand, there is PIS, a business with a license to be a provider that can interact with customers’ bank accounts. They can initiate payment orders from or into the customer bank’s account when they request it and fill in the needed information.
It allows users to make a payment without using a credit or debit card. Still, just like any digital transaction with PSD2 in effect, it is subject to Strong Customer Authentication (SCA) requirements. Notably, PIS providers cannot access users’ account data such as balances or history.
On the other hand, PSD2 defines AIS as ‘an online service to provide consolidated information on one or more payment accounts held by the payment service user with either another payment service provider or with more than one payment service provider’. AISPs can collect specific customer account data needed to provide services. However, they cannot interact and initiate payments from those accounts.
The main idea behind AIS is to provide the user with centralized access and view of their financial data. It provides users with easier and more effective money management, financial forecasting, price comparisons, and similar tools.
The access AISPs have to bank accounts
As noted earlier, AISPs can only access the customer’s account data if the customer gave explicit consent to the provider. Furthermore, the European Commission makes it obligatory for AISPs only to have access to data that customer authorizes to be used and which is relevant for the services to be provided.
Customers can opt-out from providing information they do not wish to share, only using specific services from AISP that are operational with consented data. Therefore, AIS customers remain controlling their data, guaranteed maximum security and privacy protection with requirements PSD2 bring to the market participants.
Companies that become AISPs
PSD2 opens up the EU payment market, curbing the monopoly banks had, providing an attractive opportunity for new players to enter. Providing AIS is of interest to various companies, such as payment, e-money, lending, and personal finance institutions, and new FinTech companies who could build their whole operation on the AISP model itself.
Improvements and abilities AIS brings to companies
E-money institutions, for example, use AIS to allow users access to all of their financial data and account information in one place, therefore increasing time spent on their platforms. Personal finance advisors could use AIS to better present and familiarize their customers with spending habits. Additionally, AIS allows for better financial advice as it allows a full view of the user’s finances, expenditure, and income.
Improvements to customers
New changes PSD2 brings to the payment market make it more secure and easier for consumers to access their financial and accounts’ data. AIS enables consumers centralized, easy-to-use finance management.
Implementation of SCA helps improve security, as it became much harder to access financial accounts and send transactions without proper authorization by the customer.
Seeking financial advice is also now more accessible. All the relevant information for advisors to analyze and create solutions can now be reached instantly.
Easy access is also ensured when getting a loan. Once the customer gives their consent, the lending institution digitally receives all the data needed from an AISP. It saves users from tedious paper-based tasks like receiving and sending account statements, salary slips, and other required documents for a credit check.
What to look out for when consenting to an AISP?
When a consumer decides to consent to an AISP, it is best to research the relevant institution. Laws require licensed TPPs to provide Terms of Service (ToS), their name with an identification code, registered office address, and contact information like phone and e-mail addresses. This information can be verified on a website of the respective country’s supervisory authority.
The consent given to an AISP can be revoked at any time, with a click of a button or by contacting the institution. The consumers are also advised to check if data they consent to share will be given to any other third parties and, if needed, refuse such sharing.
Licensing of AISP
AISPs require a license to be allowed to operate within a country. The requirements enforced by PSD2 are less strict on AISPs than PISPs, but they are still subject to all the rules relating to payment service providers (PSPs). AISPs have no capital requirements, but they have to hold professional indemnity insurance (PII).
AISPs are subject to account access, security requirements, data protection and storage, information sharing, open communication requirements covered in PSD2. Providers have also to make sure of data protection capabilities. The license to become an AISP could go over 5000 euros.