PSD2 The opportunity• PSD2 is regulation aimed at allowing direct access to consumers bank

accounts to instruct payments and obtain balance information. Its purpose is to encourage differing payment methods other than cards.

• Numerous third parties will be sanctioned/authorised to instruct these payments.

• Banks will be reticent to allow direct access to their internal account structures by means of API until liability for compromise is determined if at all.

• Cashfac has a solution to comply with PSD2 by means of a virtual layer of accounts to protect unallocated monies from third party access.

PSD2 The impactsPSD2 has numerous new requirements, some impacting banks more than others, depending on the specific institution’s service portfolio and strategy. Three with the most significant impact include

: Strong authentication and secure communication: Strong Customer Authentication (SCA) is required inthree situations: online access to the payment account, initiation of electronic payment transactions,or actions carried out via a remote channel that may imply a risk of fraud or other abuse. Exemptionsmight be considered based on the amount and/or recurrence of the transaction, the level of riskinvolved in the service provided and the channel used for executing the transaction. SCA is a two-factor authentication that requires independency and dynamic linking.

Third party provider regulation: PSD2 extends the definition of Payment Institution by introducing new typesof Payment Services Providers (PSPs). Credit institutions and electronic money institutions are consideredAccount Servicing Payment Service Providers (ASPSPs) that provide and maintain payment accounts.Third-party providers (TPP) that are also considered payment-services providers under the regulationinclude Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs)that act as aggregators of customer payment accounts information. PSD2 brings AISPs and PISPs inthe scope of regulated entities.

Access to payment account (XS2A): Under PSD2 all registered PISPs and AISPs and all licensed PSPsare to have access to payment accounts held at ASPSPs under explicit consent of the client.ASPSP must share all data enabling the AISP or PISP to perform the service requested by theclient. PISP/AISP may not use, access or store any data for other purposes than provision of therequested service.

API’s

AISP’s PISP’sTPP’sASPSP’s

Customers virtual account ring fenced for API access. Only funds transferred can be accessed.

Customers physical account(s) protected from open API access. Balances and transactions for 3rd party process are committed from the virtual layer.

Legacy bank system hosting accounts and back office managing traditional payments flows.

API’s

Ring fenced funds solution - RFFS

Curr AC £2100

£400 £10£0£110 £120£270£320£137£80£0£280

Curr AC £2100

Curr AC £2100

Curr AC £2100

Curr AC £2100

Curr AC £2100

Curr AC £2100

Curr AC £2100

Curr AC £2100

Curr AC £2100

Curr AC £2100

Credit to virtual account for funds for dispersem

ent. Credit Only no debit.

Non asynchronous layer between real current account and virtual mirror.

Market scope• Every account issuer in the UK and EEA must adhere to PSD2

regulation by the end of 2018. • 13th Jan 2018 is the start date for implementing solutions by in scope

members.• Authentication levels for different payment values are to be included.• There are circa 240 banks in the UK & 47 Building societies.• In addition there are 491 Credit Unions• All will have to be PSD2 Compliant• Not including all the European banks that are in scope.

Additional information

Preparing for PSD2

Accenture PSD2 Strategy

Cap Gemini PSD2 Overview