Saldo is one of the first Finnish companies to introduce new services to review account information, which are now permitted and regulated under the Revised Payment Services Directive (”PSD2”).
PSD was introduced in an effort to regulate new and developing areas of the payment services ecosystem and also to allow access to bank account information for the use of third-party service providers in a safe, standardised manner (this is known as ”open banking”). The updated legislation was introduced over a number of phases, however it’s now fully in force since September 14th 2019.
The new payment services that are regulated by PSD2 fall mainly into two categories. These are:
Payment Initiation Service Providers or PISPs, which are authorised to act as payment intermediaries. PISPs can initiate payments directly from a user’s bank account, with the user’s explicit consent.
Account Information Service Providers or AISPs are service providers who can obtain authorisation to access the information associated with a bank account (again with the explicit consent of the bank account owner). AISPs have the ability to provide real-time information relating to consumer accounts, such as transaction history, earnings and expenses, either directly to the consumer or to a third party company like Saldo.
Saldo was one of the first financial services providers in Finland to use this type of information, as now regulated under PSD2, to facilitate the lending process.
PSD2 has enabled fintech companies like Saldo to improve our services and respond quicker to the needs of our customers. For example, through the use of PSD2 authorised service providers, our decisions regarding loan applications are not only safer, but also take far less time to approve.
In order to obtain account information necessary for the approval of a loan application, Saldo has partnered with Swedish service provider Kreditz.
A loan applicant can grant Kreditz permission to access their bank account and pull information such as transaction history from their account. Kreditz then provides this information to Saldo, which we use to make an informed decision regarding whether we should approve the loan.
Obtaining more detailed information regarding a customer’s solvency and their ability to repay ultimately allows Saldo to provide better service and more personalised loans to our customers.
In addition, using PSD2 account information services like Kreditz enables us to continue to keep our loan applications fully electronic and streamlined. For example, applicants are no longer required to send their payslip or other income statements for manual review. Instead, thanks to the new technology, we can directly receive accurate and up-to-date data about an applicant’s solvency. With this data, Saldo can then make a quick decision about making a loan offer.
When PSD2 was first proposed by the E.U., many consumers believed that the Directive would potentially make shopping or managing money online more cumbersome. However, PSD2 has created a framework which makes online purchases safer and, in some cases, easier.
Let’s take a quick look at the main changes brought about by the implementation of PSD2.
The introduction of PSD2 has opened up the banking system to new players. It has achieved this by granting companies licences to access bank account data and use it for a variety of value-added services, including aggregating bank account data. These new PSD2 service providers can use this data for their own purposes or provide it to third parties.
This new ”open banking” infrastructure allows financial service providers like Saldo to use increasingly accurate customer information to improve their services and operations.
As discussed above, this is revolutionary for companies offering loan services. Companies like Saldo can either use data obtained by AISPs to help them make decisions relating to loans or, alternatively, they can also apply for a licence to retrieve the information themselves.
The way in which payment account information has become accessible has advantages for both loan service providers and applicants. On one hand, companies have access to more accurate information, which allows them to offer more personalised loans. The burden for the loan applicant has also been reduced, in that the requirement to manually submit proof of income and solvency has become unnecessary.
PSD2 has also introduced a requirement known as ”strong customer authentication” or SCA. SCA was introduced with the aim of reducing fraud and making online payments more secure. Up until now, most payments could be made online by simply entering card details and pressing the buy button. SCA, however, adds an additional layer of security with the intention of protecting the buyer.
Under these new rules as set out in the Directive, additional information that is only known by the cardholder is required to make payments online.
PSD2 sets out three methods by which SCA can be achieved. In order to comply with PSD2 at least two of the three conditions must be met. The conditions are:
1. Knowledge: Something the user knows, such as a password or PIN.
2. Possession: Something the user has, such as a key code list application.
3. Inherence: Something the user is, such as fingerprint or facial recognition.
For a consumer trying to make an online purchase, SCA may seem cumbersome and appear to involve too many steps. However, it makes online payments much safer and more secure.
PSD2 also introduces better protection for consumers who are victims of unauthorised payments. Under the Directive, banks are required to fully compensate consumers for unauthorised transactions, provided the consumer is not negligent and has reported their lost or stolen payment instrument, such as their card, without delay.
Additionally, if a customer has acted negligently, the amount they may be liable to pay has been reduced from 150 € to just 50 €.
The changes brought about by PSD2 are far reaching and will eventually impact everyone making online transactions. Obviously, some of the new requirements and opportunities introduced by the Directive, such as SCA and the open banking infrastructure, may seem onerous or unusual and therefore take quite a bit of time to adjust to. For instance, some consumers may not be comfortable with the idea of granting third parties access to their bank account information.
However, it’s important to note that access to bank account information is only granted with the express consent of the account holder. In addition, consumers can also take solace that companies providing these new services (PISPs and AISPs) are required to obtain a licence and are therefore regulated by the competent regulatory body in their own Member State. In Finland, the Financial Services Authority regulates these companies.