Although PSD2 never explicitly refers to APIs, most experts in the technology and financial sector take it for granted that APIs will be the technical means that allow the Banks to fulfill the specifications of the regulation, quite apart from what the EU countries implement in their respective legislations during the coming months.
There is still considerable uncertainty about the implementation of PSD2, although the European Banking Authority is expected to publish some guidelines before 2018. As the saying goes, we still need to come back down to earth, and define in practical terms what for the time being are only some important but very open guidelines to how the banks will have to open their payment services to third parties –so-called TPPs (Third Party Payment Service Providers). There is still a long way to go before this can happen.
The challenge is their practical application and the search for de facto standards for bank APIs.
The EBA needs to give more detailed specifications of the PSD2 before or in parallel to the implementation of the directive by EU countries, and even more so before its actual application by the financial institutions, who will be the first to be required to comply with it.
Without a second future iteration in greater depth, describing how these should be implemented and what should be done, it will be very propagated to articulate the directive horizontally and achieve the overriding goal of reinforcing a European payments system designed to favor the global economic growth of the EU.
If PSD2 is intended to reinforce the Digital Single Market in Europe and bring about a genuine single payments market, there must be a certain level of homogenization between the APIs opened by various banks in order to simplify their access and integration by developers and integrators of bank APIs, and allow the banks to create platforms with a long-term vision.
If the practical application of the PSD2 is to be really effective and transform the digital payments market in Europe, the real challenge will be to come up with standards for the bank API sector in terms of definition, nomenclature, access protocols and authentication (OAuth, certificates, tokens, two-factor authentication etc.) –this last under the umbrella of XS2A– focused on access to bank account information.
Is the API economy sufficiently consolidated and mature to be applied in the banking sector?
It is calculated that there are currently over 250,000 public APIs or open APIs registered in ProgrammableWeb, which is today the leading directory for professionals in the sector. According to some studies, this figure is only the tip of the iceberg, and may represent only 20% or 30% of the total open APIs existing in the world.
This would give a final figure of open APIs worldwide of around 750,000 public APIs; that is, 750,000 companies or technology projects that have opted to open up to third parties through web services or micro-services, data, functionalities or channels of interaction with their products or digital services.
According to some calculations, fewer than 10% of APIs are public and almost 50% are private, and the rest are open only to corporate partners. What’s more, it is calculated that each week there are around 100 new public APIs, and monthly data traffic through APIs increases 10%.
According to these and several other indicators, the so-called API economy has become consolidated in a wide range of extremely varied sectors: digital giants such as Google, Netflix, Spotify, Sendgrid and Twilio, social media (Twitter, Facebook, Instagram) and the retail sector –particularly important on multimerchant e-commerce platforms such as Amazon, Ebay or Alibaba.
APIs have also led to the exponential growth of the collaborative economy (Uber and Airbnb), the media and content distribution channels (NYT, BBC, Marvel), travel, tourism, the energy and transport sector –passengers, goods and logistics– (Expedia, Amadeus and Sabre leverage a large part of their business on their APIs), UPS, FedEx –and particularly, now in the financial area, the fintech and online payments sector with classics likes PayPal, Stripe and Venmo, or big hitters like Dwolla, LendingClub and CardConnect.
How can bank APIs transition from the linear-local to the exponential-global model?
If financial and bank APIs can ride the PSD2 wave and exploit the potential of APIs –as many other sectors have done successfully, we will be embarking on a new and very interesting stage in the financial technology sector.
This transition must be done intelligently to encourage the emergence of new business models and real innovation through APIs, creating effective standards and building open platforms in a sufficiently attractive way for the API consuming companies.
If this can be done, we will be paving the way for payment services to make the leap to the exponential-global era and we can say goodbye to the current phase of linear-local growth.
This last phase was necessary to ensure the implantation of the fintech technology and digital banking sector in all the EU countries, but significantly constrained the possibilities of the payment sector as a tool for generating wealth and technological innovation at the pan-European level.
More information about APIs and open banking
– Revolution banking: the challenge of open APIs in finance
– Open baking or how banks are transformed with APIs
If you want to learn more about BBVA’s open platform and financial APIs, go to this site.