Although the second Payment Services Directive already entered into force in most European countries in January 2018, its most important effects for banks and payment service providers will arrive in September 2019, when the regulatory technical standards on strong authentication and access to payment accounts will take effect. For banks, obliged to provide access to their customers' payment accounts to new players regulated under PSD2, it is a small revolution and also a first step towards the concept of open banking.
For third-party providers or TPPs in PSD2 jargon, this connection to banking data is a huge opportunity for new customer services but can also be a nightmare due to the diversity of connection, registration and access standards, and the strong security and data protection levels used by banks.
In practice, third party providers are granted access by PSD2 to the final customer’s payment accounts, in order to retrieve account balances and transactions as well as to initiate payments from this account, provided that:
• The TPP is approved and supervised by a European banking supervisory authority (CSSF in Luxembourg);
• The final users have given their consent to the use of their financial data or the initiation of payments on their behalf.
On their side, banks must offer access to payment accounts:
• Through an interface, usually called API (application programming interface), which will regulate and secure the exchange of data;
• With 24/7 availability and robust infrastructure and the ability to offer the same service level to TPPs as they provide to their customers via web or mobile banking services;
• Without any discrimination or additional requirements compared to the data available through the interfaces used by clients (web or mobile banking services).
The management of all these “rights and obligations” for PSD2 stakeholders is at the heart of LUXHUB's activity, which will offer the following services to banks and TPPs:
- Third-Party Providers Identification: Enabling banks to identify third-party providers by controlling their certificates and checking their regulated statuses.
- Reporting to ASPSP: Providing reports about TPPs’ API usage and performance.
- Third-Party Providers Support: Providing functional and technical support to third-party providers.
- Consent Management: Enabling management of the customers’ consent in accordance with PSD2 and GDPR requirements.
By joining forces, the four shareholders already account for almost 75% of cumulative market shares for individual customers and 65% for SMEs and corporates in Luxembourg. The initiative is nevertheless open to any bank concerned by PSD2, aiming at simplifying and accelerating their PSD2 compliance without making heavy technical and human investments. For TPPs, access to banks via LUXHUB will provide an important added value since they will be able to access all connected banks through a single connection and a unique identification process.
But the ambitions of LUXHUB far exceed the sole Luxembourg market. The newborn company clearly shows its European ambitions.
Jacques PÜTZ, CEO of LUXHUB, stated "In the future, successful innovative business will only be possible by cooperating with other partners or banks. LUXHUB sees its mission as helping European financial institutions with these challenges.”