PSD2 - Online ID and Strong Authentication in Turmoil


Page 1: PSD2 - Online ID and Strong Authentication in Turmoil

PSD2: ONLINE ID & STRONG AUTHENTICATION IN TURMOIL

Page 2: PSD2 - Online ID and Strong Authentication in Turmoil

How will the changing operating environment and regulation change the market?

Page 3: PSD2 - Online ID and Strong Authentication in Turmoil

Company Background

● Mobile authentication specialist company, founded 4/2010

● Helping banks, telecom operators and other consumer online services to secure their services and end users

● MasterCard Start Path company, customers and partners globally

● Venture funded from Finland, US & HK

Page 4: PSD2 - Online ID and Strong Authentication in Turmoil

New regulation, new deal

PSD2
● Strong authentication
● Extends the scope to most PSPs
● Lowers the barriers to entry
● Opens bank data to 3rd parties

eIDAS
● EU wide eID schemes
● Cross border identification
● E-signatures will have the same legal weight as their physical counterparts
● Opens up the eID market

Page 5: PSD2 - Online ID and Strong Authentication in Turmoil

PSD2 timeline

[Timeline figure; axis: 2013, 2014, 2015, 2016, 2017]

● European Commission proposes to review the PSD
● Preparations
● EU parliament agrees to the revised directive
● Law comes into force in Member States + 24 months
● EBA's technical PSD2 recommendations
● EBA's guidelines for e-payments (19.12.2014)
● ECB's recommendations for e-payments (31.1.2013)
● 1.8.2015

Page 6: PSD2 - Online ID and Strong Authentication in Turmoil

Changing roles in the value chain

• Account Servicing Payment Service Provider (ASPSP)
  ● Consumer's bank, current issuer

• Payment Initiation Service Provider (PISP)
  ● Initiates the payment process, seller or PSP

• Account Information Service Provider (AISP)
  ● Consolidates customer's data, "cross-bank"
  ● AISP can be a totally new actor

PSD2 defines interfaces between various actors and opens up the value chain for new actors

Page 7: PSD2 - Online ID and Strong Authentication in Turmoil

PSD2: E-payments value chain

[Diagram with two panels: "Card payment today" and "Payment enabled by PSD2"]

Actors: Customer; Seller; Acquirer: Worldpay, Bank, ...; Card company; Issuer: Customer's bank; Seller, PSP (PISP); Customer's bank

Flows: Money; Authentication; Card details; Access to accounts (XS2A)

Security: Country specific, Bank specific

Security: PSD2 & EBA technical specs. Strong authentication

Page 8: PSD2 - Online ID and Strong Authentication in Turmoil

PSD2: E-banking transactions

[Diagram with two panels: "E-banking today" and "Transactions enabled by PSD2"]

Actors: Customer; Bank 1; Bank 2; Bank 3; AISP

Flows: Account information; Authentication; Access to accounts (XS2A)

AISP
• Consolidates information into one service
• Potential disruption point

Page 9: PSD2 - Online ID and Strong Authentication in Turmoil

AISP – new opportunities with PSD2?

[Diagram with two panels: "E-banking today" and "Transactions enabled by PSD2"]

Actors: Customer; Bank 1; Bank 2; Bank 3; AISP

Flows: Account information; Authentication; Access to accounts (XS2A)

All-in-one bank service opportunities

Page 10: PSD2 - Online ID and Strong Authentication in Turmoil

PSD2 brings Web UX to finance

[Mock-up of a consent dialog]

MP - My Bank

Google Money
Would like to connect to your account. Please select the information which Google Money can obtain:

● Savings account info
● Loans
● Securities

Allow / Cancel

Note: illustrative example only

Page 11: PSD2 - Online ID and Strong Authentication in Turmoil

Notes about PSD2 payments

• PSD2 expands the reach of online payments
  ● As many as 60% of the European consumers don't own a credit card

• PSD2 simplifies online payments
  ● Potentially fewer players in the value chain
  ● Potential savings to merchants and consumers

● New entrants may enter the payment market
● PSD2 accelerates competition in payment services
● ASPSPs must open APIs to other PSPs

Page 12: PSD2 - Online ID and Strong Authentication in Turmoil

Responsibility of the PSP

● Strong customer authentication
  ● Must include elements linking the authentication to a specific amount and payee (dynamic code)

● User privacy
  ● PSP must protect users' personalised security credentials.

● PSPs are required to find evidence against fraud
  ● If the customer denies a payment transaction, PSP is obliged to provide proof - or refund

Page 13: PSD2 - Online ID and Strong Authentication in Turmoil

authentication and authorization

Fast. Mobile. Secure.

Software smartcard in your app!

Page 14: PSD2 - Online ID and Strong Authentication in Turmoil