Two months after the final PSD2 deadline: where are we with the APIs?
With the September PDS2 deadline now visible in our rearview mirror, what is the status of the bank APIs in Europe two months later? Well, we still face big challenges as an industry to make sure the technical environments improve. But what we’ve seen is an encouraging shift in terms of collaboration and cooperation with some of Europe’s biggest banks.
We’ll say this straight off the bat – the number of PSD2 APIs that are compliant is still zero. But given the scale of the technical challenge to improve these environments, it’s unreasonable to expect they would be different just two months after the deadline. Everyone needs more time to see those numbers tick up – something we’ve been advocating for since well before September.
Just look at the UK’s experience with Open Banking. In November 2018 – nine months after the legislation came into effect – the uptime of the APIs was hovering at a dismal 96% (imagine one out of every 25 emails just getting lost). Now uptime is over 99%.
This is progress that should be celebrated. And the progress we’re seeing in Europe is an uptick in the number of more open and productive conversations we’re having with some banks around the technical issues and troubleshooting of their PSD2 APIs. The handful of banks taking this approach are proactively improving their APIs – and moving closer to providing a user experience that’s similar to what their mobile apps offer.
After all, this is the ultimate aim of PSD2 – and the reason why we’ve been advocating for stronger PSD2 APIs: so that as customers gain control over who accesses their data, they also get a consistently great customer experience that matches the one they get directly with their banks.
Stepping into the customers’ shoes
The biggest change we’re seeing is that some banks are now understanding – and getting first-hand experience – of what it’s like to be on the customer side of the PSD2 APIs.
Some bankers we’ve been in touch with are trying out the experience provided by their APIs. And when they compare it with what other banks are offering, they’re realising that improvements could be made.
In the past few months, we’ve been collaborating to make adjustments to their APIs with them. In many cases, this means removing hurdles. A couple of banks have cut out some of the unnecessary strong customer authentication (SCA) processes – or two-factor authentication – that customers were going through to authenticate themselves. Instead of having users go through two SCAs, now it’s just one.
In other cases, they’re rethinking the authentication flows. Some banks see that the web redirect method they were using for SCA was providing a far worse experience than what their customers were used to.
Making progress with closer communication
In the months we’ve spent integrating with the PSD2 APIs, we’ve gotten to know the people working on them at many of Europe’s biggest banks. We are in Slack chats, WhatsApp chats, email conversations, phone calls and working group meetings.
Our integration teams in Sweden, Poland and Serbia have exchanged a staggering 3,000 emails with tech experts from banks across Europe. And here’s what we’re seeing:
→ Some Swedish, Dutch, UK, German and Austrian banks have begun or are planning to deploy new authentication flows and measures that improve the user experience. Some examples include:
Implementing a decoupled or app-to-app authentication flow – instead of the headache-inducing web redirect flow. It means users don’t have to go through nearly as many steps to authenticate themselves with their banks.
Removing the ‘IBAN flow’, a multi-step authentication flow that requires users to input their IBAN number in order to authenticate themselves with their bank through a third-party service. Most users don’t even know what an IBAN number is.
Cutting down the number of times a user has to do two-factor authentication (SCA) when they’re fetching more than 90 days worth of transactions.
Allowing customers to use authentication credentials obtained at any bank, such as BankID (rather than a bank only accepting credentials obtained through them).
→ Two Spanish banks that previously had their documentation available in Spanish have now made it available in English – which now makes it possible for developers across Europe to integrate with their PSD2 APIs.
→ Some PSD2 APIs are demonstrably improving in key ways. In the example below, a major Swedish bank substantially improved the number of successful authentications for customers (the red colour in the chart).
Failures can happen for two reasons: 1) a user is not able or chooses not to finish an authentication journey because of complicated steps, unclear instructions or non-mobile friendly flows; or 2) the bank’s server is having issues.
In the case of this bank, they improved the user experience and reduced the number of technical errors – bringing success rates up from 50% to 80%.
A positive trend despite negative numbers
There is still a long way to go, but our assessment just eight weeks out is that we’re seeing a handful of major banks start to acknowledge and proactively improve their APIs. And they’re setting a powerful example that other banks can follow.
Of course, we wish we could say the challenges haven’t continued. We wish the regulations had been crystal clear, leaving no room for doubt as to what the APIs were supposed to look like in the first place. But the reality is there are many grey areas, which leads to many interpretations.
Players across the industry are working to find solutions. As a group, we’re creating common definitions for what a good user experience should look like. Or how to best deal with strong customer authentication (SCA) requirements. All for the first time.
In the past few months, we’ve sent letters to more than 100 of the biggest banks in the 12 European markets we serve to help identify areas for improvement.
And we applaud and cheer on the forward-thinking banks that are taking these concerns to heart, using the recommendations to improve their APIs and moving closer to compliance. These are our favourite conversations, and the ones that keep us going.
We hope it marks the start of a trend – one that leads to more collaborative conversations with big banks about how we can work together to improve the APIs. We’re already doing this with dozens of banks and, as you can see above, the results are impressive.
Everyone wants this massive effort and investment to be a success – to preserve the customer experience and make way for a powerful new generation of financial services. So if you represent a substantial population in your market and would like to improve your PSD2 API – then we would love to talk to you.
Send us a hello at openbanking@tink.com – we can’t wait to start working together.
This article originally appeared as a guest blog post on 11:FS, authored by our new country manager in the UK and Ireland, Rafa Plantier.
More in Open banking
2024-11-19
12 min read
From authentication to authorisation: Navigating the changes with eIDAS 2.0
Discover how the eIDAS 2.0 regulation is set to transform digital identity and payment processes across the EU, promising seamless authentication, enhanced security, and a future where forgotten passwords and cumbersome paperwork are a thing of the past.
Read more
2024-10-08
6 min read
Lending essentials: how enriched data solutions help lenders tackle constraints
Enhancing your affordability assessment with Tink’s data-enriched solutions helps you put an end to inaccurate data, prevent fraud in loan origination and stay compliant – read on to explore the benefits.
Read more
2024-09-24
4 min read
Why Pay by Bank fits luxury retail like a glove
Pay by Bank offers a solution that addresses the potentially higher transaction fees and fraud risks while enhancing the customer experience for luxury retailers.
Read more
Get started with Tink
Contact our team to learn more about what we can help you build – or create an account to get started right away.
