The impact of Open Banking and specifically the Second Payment Services Directive (PSD2) on the banking sector is well-understood and much discussed, with conferences, webinars, and many column inches dedicated to how it needs to be implemented and what its effects will be. Sure, banks are behind in terms of providing access to consumer bank accounts and they’ve been lambasted for their approach to educating customers on security – kudos to Anne Boden at Starling here. But this is well trodden ground.
The retail sector’s failure to adhere to and make the most of PSD2 has, by comparison, slipped by relatively unnoticed. CCgroup’s report into the issue, “Unaware, Unprepared and Paralysed: Retailer Readiness for PSD2”, in partnership with independent technical consultancy Consult Hyperion, is a unique insight into just how little retailers know about PSD2 and the meagre plans they have made to take advantage of this new regulation.
But what exactly will retailers miss out on?
PSD2 regulation is designed to foster innovation and competition in the financial services sector. Banks are required to create APIs that will allow third parties to access accounts directly—with, of course, the consumer’s explicit consent. This makes it possible, as Wired magazine put it, to pay with lightning speed and create an Amazon “One Click” for the entire internet.
For banks and card schemes like Visa and Mastercard this is a real threat. If payments no longer need to run on card scheme rails they run the risk of total irrelevance. And by providing APIs to third parties that are already trying to win market share from them, banks no longer have a monopoly on consumer financial data.
In reality, PSD2 is innovation disguised as compliance and these changes present a golden opportunity for retailers. As a minimum they can reduce the cost of card fees and by not handling card data reduce the impact of any data breach. But this just scratches at the surface.
The big shift is, however, about data. The fundamentals of PSD2 are the creation of data, payment and security-led APIs. These provide the cornerstones for delivering an engaging, yet safe and frictionless omnichannel shopping experience, with mobile at the centre.
But according to our research, only 16% of retailers are actively looking to take advantage of these opportunities. And a staggering 67% of retailers aren’t prepared to comply with PSD2.
While PSD2 presents opportunities, there are also threats. PSD2 cannot simply be ignored
For example, all transactions will be subject to two-factor authentication (or Strong Customer Authentication according to the directive).
Liability for fraud will rest with the party that prevents SCA from occurring, and if a retailer fails to support it, a payment will sometimes, unpredictably, be declined. Ecommerce merchants can no longer make the checkout process simpler by choosing to take liability for unauthorised payments.
Without addressing SCA, merchants will face increased abandonment and customers choosing rivals with a better checkout experience.
Luckily, retailers have some time to turn this around—the 13th January may be when PSD2 becomes law, but for SCA it’s the start of an 18-month countdown to compliance.
Only a third of retailers are ready to take action on PSD2. Our research not only details why this needs to change, but also how retail technology vendors can help educate retailers and provide solutions that address these issues.