If you thought 2018 had far-reaching consequences for payments, what with the introduction of the Revised Payment Services Directive or PSD2, then 2019 may well be the year that the rubber really hits the road as payment regulations start to make an impact
In the words of Winston Churchill, “It is not the beginning of the end, but the end of the beginning.”
In the opening days and months of 2018, there was much ado about the 13 January deadline for the Revised Payment Services Directive, or PSD2, being transposed into the national laws of EU Member States. However, not all EU member states complied with the deadline. As of November 2018, the Netherlands and Romania had not yet transposed PSD2, while Malta had partially transposed PSD2 and Spain was about to at the time of publication.
Five of the UK’s nine main banks also had to ask for an extension to the January deadline to open up client account information to authorised Third Party Providers or TPPs. Open Banking hasn’t quite lived up to its lofty expectations yet. “It hasn’t got there, because the technical capability hasn’t existed and there is still an unknown as to when this thing is truly going to open up,” says Modulr’s legal counsel, Richard Buckley.“However, 2019 could be much more interesting.” So what’s in store for next year? We’ve highlighted six things we think should be on your radar in the coming year if you’re serious about payments.
- Brexit or No Brexit?
The elephant in the room, of course, is Brexit. Unless you’ve been hiding under a rock for the past 18 months, the UK is scheduled to leave the European Union on 29 March 2019. If it leaves on the basis of the withdrawal deal that the government has already negotiated with the EU, which still hadn’t been passed by the UK parliament at the time of writing, then UK financial services firms should have ‘passporting’ access to the EU till the end of the transition period in December 2020. If there is no deal by the 29 March 2019, then UK firms will lose those passporting rights and won’t be able to provide financial services to EU countries unless they open an EU subsidiary or they may have to relate to an “equivalence regime” of some sort where countries recognise each other’s standards, but do not necessarily have the same rules and regulations.
- Expect to hear more about PISPs and AISPs in 2019.
PSD2 created two new classes of payment services: Account Information Service Providers (AISP) and Payment Initiation Service Providers (PISPs). AISPs offer account aggregation services so customers can get a single view of all their payment accounts via one site. PISPs are an overlay payments provider that can initiate a direct bank transfer from a customer’s account with another payment service provider. Both services require the consent of the customer. According to the Financial Conduct Authority’s (FCA’s) online registry as at December 2018, there were 58 registered AISPs (aggregation and money management services, lenders, credit-scoring agencies) and 22 PISPs (payment service providers, collections, cash management software) in the UK. So how come we haven’t really heard much about these services yet? Although payment initiation services started in 2018, it will be next year  before they realise their potential as further enhancements are needed to make it more usable for businesses; similar to how payment initiation services currently work is that customers must give their consent to each payment at the time it is initiated on their behalf. Next year, however, customers can consent to future-dated or recurring payments being set up, which will enable more use cases.
- More open payment systems, but a greater focus on security.
With all the innovation that is taking place in payments, regulators are keen to ensure that the security and stability of payment systems is maintained. So, on September 14, 2019, Strong Customer Authentication will come into effect across the EU. SCA is one of PSD2’s Regulatory Technical Standards (RTS). SCA means most payments conducted via an electronic channel must be authenticated using two-factor authentication: a combination of something you know (password); something you have (a device or security token); or something you are (fingerprint). There are some limited exemptions, but expect to see changes in online payments, particularly for cards. Under SCA, traditional methods of authenticating card payments online (card number, CVV code and expiry date) may no longer be acceptable, and users are likely to need to additionally authenticate via another method as well for many card transactions.
- A New Way to Pay That Puts the Customer Back in Control
Pay.UK, the new retail payment authority is developing standards for near real time Request to Pay (RtP), which will be “competitively launched” in 2019. RtP is designed to give consumers with variable incomes — for example, those working in the gig economy — greater control over when and how payments are taken by utility companies and merchants from their account. For each payment ‘request,’ customers can make a payment in full, pay in part, ask for more time, communicate with the biller, or decline the payment. “RtP will not replace, but will complement more familiar options such as Direct Debits and has great applicability for some use cases where payment patterns need to be more real time, variable and responsive to changing situations,” says Wadia. There are, however, some outstanding questions that need to be resolved before RtP goes live. For example, how do you ensure you don’t get fake RtPs? Verification and oversight of participants in the scheme are at the forefront of items being discussed by the Pay.UK RtP Advisory Group of which Wadia is a participant.
- More banks to publish APIs
In 2018, most banks weren’t really ready for the new world of Application Programming Interfaces or APIs, which allow payment service providers to more easily access customer account information and provide new services under PSD2. Is that likely to change in 2019? “We will see more banks, beyond the CMA9 in the UK, publish open banking APIs next year,” says Wadia, “What is an open question is whether standards are going to develop more widely across Europe. We don’t want 27 different competing standards across Europe.”
- Critical mass still not there for blockchain and cryptocurrencies
The blockchain is being touted as a faster, cheaper and more transparent alternative to traditional payment networks for cross-border payments. So, will 2019 be the year when blockchain in payments really takes off with proofs of concept moving out of the lab and into the real world? “There are interesting developments in using blockchain with Stablecoins for payments,” says Wadia, “but the mass adoption use case at the moment isn’t there yet. Regulatory views also need to develop first. It’s still a watching brief on both blockchain and cryptocurrencies.”