In effect, since January 2018, PSD2 has changed banking for good. Promising a more cooperative, competitive and progressive financial market, the Directive has already been integrated by many non-European jurisdictions. The rest of the world is using it as a blueprint. Nevertheless, the transformation cycle started by the Directive is still not complete. In addition to open banking standards, PSD2 includes a mandate for payment service providers and merchants to implement strong customer authentication (SCA) to make payments more secure for cardholders. The implementation process for this phase is still ongoing.

Considering the open questions and uncertainties around the topic, we consulted Hakan Eroglu of Mastercard and asked about the real impact of the Directive. In addition to leading the open banking practices of Mastercard Data & Services, Hakan is also an expert and thought leader for payment topics and an active member of the Berlin Group’s NextGenPSD2 Advisory Board since the very beginning.

  • Hakan, thank you for making time for us in your busy schedule. Can we start with your background and experience?

My pleasure! I have a Computer Sciences (Technical University of Darmstadt) background, and I am the Global Open Banking Lead and MEA Innovation Lead for Data & Services at Mastercard. I am based in Zurich.

I joined Mastercard from Accenture. Over the years, I gained extensive expertise in Open Data and Services Ecosystems, Open Banking Regulation, API Standardization, Instant and Frictionless Payments. I combine more than 11 years of project experience in shaping Open Banking strategies, building API-based use cases and business models, and designing digital payment schemes in Europe, MEA, Latin America, and Asia. I am humbled to be recognized as a thought leader in this vertical.

In addition to working on open banking and innovation topics daily, I serve as a board member of the Berlin Group NextGenPSD2 Advisory Board, the MENA Fintech Association, and the Open Banking Working Group Euro Banking Association (EBA). These positions allow me to stay close to global market practices and developments.

  • You have been working on global open banking trends and API standardization for many years now. Do you think that European integration is mostly complete? What were some challenges that stalled the integration process for the banks?

Overall Open Banking in Europe continues to be successful in terms of changing the mindset of the industry. Openness in financial services is inevitable. The EU Commission is even working on Open Finance regulation, which goes beyond PSD2. However, the current implementation of PSD2 has its “teething problems” which is normal in such a large transformation program involving banks in 28 EU member states. The deadline of 14th September 2019 is just over a year ago, not all APIs are implemented in a compliant way and or have reached the level of required API performance. Customer experience is important as well – here it was a challenge to ensure a frictionless flow and at the same time to comply with the new Strong Customer Authentication SCA) requirements. High security standards and frictionless customer experience need to go hand in hand and balanced wisely.  Many banks still run on legacy systems and need to heavily invest in modern technical infrastructure such as API platforms and cloud. That’s why banks are focusing on building revenue models around Open Banking and generate a return on investment.

 Berlin Group has been leading the way for clarifying PSD2’s technical implementation and overcoming the API fragmentation issues. Two years after the Directive came into force, what is the Berlin Group working on these days?

Openness in Banking doesn’t stop with PSD2 or UK Open Banking in Europe. The new EU data strategy published earlier in 2020 and the recent announcement of the EU Commission is key: the next evolution is Open Finance as part of a wider Open Data ecosystem. The UK’s FCA just completed a consultation on Open Finance to foster more competition for services around retail business customers. Open Finance will include more asset classes and new types of transactions which will be looked at (e.g. from Berlin Group) in the dedicated Open Finance Task Force to design a standards framework for these use cases. As an elected member of the Berlin Group Advisory Board, I will be contributing to the efforts of this development in Europe as well.

  • Since PSD2 covers payment providers in all the EEA countries, it is supposed to impact the ecommerce shopping experience for over 299 Mio customers. Flipping the coin, what does the SCA requirement mean for ecommerce players and retailers?

PSD2 was not only about APIs and Open Banking, it was also about the new rules around SCA. The idea behind these new regulatory requirements introduced by the EU is to make electronic payments safer and to ensure that whoever makes an electronic payment is who they say they are. This requires a huge effort from all parties in the ecosystem, including retailers and other businesses to ensure that all systems are ready. It is something that industry players have been working on for the past two years. Understandably, however, retailers have had their minds on other things over the past few months. If there is one trend that lockdown has amplified, it is the massive shift to digital, specifically digital commerce. People turned to e- and m-commerce in proportions never seen before and this trend is likely to continue post-Covid. The new requirements will become mandatory at the end of this year. This means that any transaction that is not complying with the new requirements will have to be declined. Not only will this lead to a bad consumer experience and result in a significant amount of lost sales. If not addressed properly, it will also tarnish any retailer’s reputation and ultimately drive previously returning customers away.

  • PSD2 was just a beginning. What should we expect from the updated rules, and how can we remove some of the existing market fractions and challenges using PSD3?

Frictionless customer experience and high security standards are not mutually exclusive – both are very important. The evolution of safe and secure authentication when paying or sharing data could be to leverage biometrics capabilities, for example, to process SCA in the background without actively asking the customer to act. In an Open Finance world – as the next evolution – payments can be made on real-time payments rails, including dispute resolution mechanisms. Customers can share more data beyond current account details, namely all asset classes in order to benefit from a broader variety of use cases – e.g. seamless product comparisons and product switching and invisible payments in a 5G and IoT world. The next evolution of regulation, frameworks and guidelines will most likely cater for these trends and market needs.

Gazi University Faculty of Law graduate Ş. Elif Kocaoğlu Ulbrich has degrees in Private Law from Galatasaray University and MBA from WHU – Otto Beisheim School of Management, and is also a fellow of Jean Monnet, Joachim Herz Stiftung. After working as a lawyer in various international law firms in Istanbul and Ankara for more than six years, Denizbank A.Ş. She started her banking and finance career in 2013, specializing in business development, project management, FinTech regulation and lobbying activities at FinTech startups (FinLeap, Cringle, Lendico) in Hamburg and later in Berlin. Co-author of The PAYTECH Book, The AI ​​Book and The LegalTech Book, which are planned to be published in 2020 in cooperation with FINTECH Circle and Wiley, Kocaoğlu Ulbrich has been providing consultancy, training and publishing services since 2019 through Berlin-based Contextual Solutions, which she is the founder of.