How Banks Can Prepare for the Known Unknowns of PSD2

PSD2 compliance is set to revolutionize digital payments, but these new mandates are uncharted waters for most banks. Successfully navigating these new directives is all about understanding the threats and learning how to thrive in uncertainty.

The known unknowns of PSD2

Banks need to be prepared to handle the myriad uncertainties facing their organizations in the wake of PSD2. Primarily, these involve new economic challenges and security loopholes that threaten the institution’s viability:

    • New economic competition from highly innovative Account Information Service Providers (AISPs), many of which have established and competitive customer experience strategies.
    • Unpredictable consumer behaviors in a quickly-evolving payments marketplace.
    • Proliferation of channels and data streams to be secured, including mobile, voice, internet-of-things (IoT) devices, and all other vectors brought on by new APIs.
    • Fraud in never-before-seen patterns, as is common with any new technology that creates new attack vectors in a company’s system.


Fraud teams need to adapt

Unfortunately, many modern banks are poorly equipped to handle the shifting dataverse and multiplying attack vectors. PSD2 produces a constrained view of customer information wherein banking institutions will lose access to the customer data they’ve been relying on for years. As customers transition to payment services offered by AISPs, banks will need new strategies to make sense of these new data streams.

And to make matters worse, failing to achieve compliance comes at a higher cost than ever. New sanctions put forth by the EU’s General Data Protection Regulation (GDPR) reduce the limits on fines for non-compliance, meaning that companies have more at stake than ever.

Fraudsters thrive in this chaos. And as a variety of new third-party APIs enter the financial services arena, these fraudsters will take every opportunity to leverage new points of attack before banks can adapt.

So from a certain perspective, the PSD2 migration is a dangerous time for banking institutions. But from another, these dangers present opportunities for banks that are able to adapt. For example, banks can seek revenues from new products and services, and pursue integrated partnerships made possible by open APIs, outcompeting other banks in the scramble. With the right support, banks can be ready to address the challenges, seize the opportunities, and greet PSD2 with confidence.

The Next Steps

PSD2 is set to redefine modern fraud detection; here are steps banks can take to prepare:

  1. Ensure open communication between risk and customer experience PSD2 allows for a deeper bank-customer relationship, but only when channels of communication are widened and integrated between risk management teams and customer service teams.
  2. Invest in machine learning: Machine learning platforms are one of the best ways to counter emerging fraud. Banks that still rely on rules-based approaches alone to fraud detection will lack the sophistication needed to prevent attacks before they occur.
  3. Create a flexible strategy for overcoming uncertainty: Aside from the new data streams that banks will need to contend with, many PSD2 regulations have yet to be written. Banks need to be flexible to stay ahead of these uncertainties.
  4. Be proactive: Above all, banks need to move. Banks that strike first and strike hard against fraud will have the best chances of detecting abnormalities, protecting their data, and safeguarding their customers’ experiences. Proactive banks can then parlay PSD2 compliance into new business opportunities, by seeking new revenue streams and partnerships that are only possible under open banking.


Find a Scalable Partner

PSD2 supports new technical standards, authentication requirements, and fraud attack vectors; this can be a tough pill to swallow for banks unprepared for the transition. Companies often believe they can get by with patchwork solutions that address issues in silos without a comprehensive plan to coordinate them. But in most cases, tackling these challenges one solution at a time is a time-consuming, costly approach. This is the benefit of finding a scalable partner in the fight against fraud.

Third-party providers that specialize in machine learning platforms can help banks integrate new fraud detection systems, build out technical solutions to achieve regulatory compliance, and prepare the organization for the future of digital payments. Don’t underestimate the impact of these partnerships. With the right tools, banks can look beyond the mandates of PSD2 and see it for what it truly is: A business opportunity waiting to be seized.

Click here to download Feedzai’s full report on how PSD2 is redefining financial services.