Four years after the introduction of an EU payment framework, you now have access to safer, faster and cheaper payment options as an European consumer. Despite all the advantages, there is still a lot that can be done so you become the owner of your own data and can shop around between providers as you wish. Here we set out what Europe needs to focus on as they revise the current payment regulations of PSD3 and PSR1.
🔓Klarna believes YOU should control your data.
If you don’t like your bank, you should be able to click a button and take all your data with you to a better bank. Or if another company offers a financial service you like, your bank should facilitate that for you.
This was one of the promises behind the EU’s Payment Services Directive 2 (PSD2), a regulation which has been in place for a few years now. But the banks have found ways to water it down and stop consumers from taking their data to better banks or fintechs.
⏰We still have time to get it right.
The EU is now updating its payment regulation, which gives the industry an opportunity to stop traditional banks from back-sliding and deliver on the promise that you, the consumer, owns the data in your bank account.
👉 Klarna has set out its recommendations to make sure that EU consumers truly own the data in their bank accounts. This is an extract of our full position paper.
Banks must share ALL customer data when requested
Consumers should control their own data and decide who to share it with. All too often, banks don’t share all of a customer’s data with other providers, even when that customer has expressly requested them to. This prevents innovative new providers from offering better services, and prevents consumers from accessing better, faster and smoother services. If a consumer chooses to use a different payment provider, that provider should get access to exactly the same data, in real-time and free of charge, as the consumer's bank does.
Klarna’s recommendation 1: Banks should be expressly required by the regulation to share *all* of a customer’s data, including identity data (address, date of birth etc), when a customer has given their permission.
Innovative new companies must not be held back by the old banks.
Often innovative new fintechs with much better user interfaces are limited by what the traditional banks are able to achieve. This must be fixed to allow Europe’s most innovative minds to improve the banking experience for all of us and adapt to new ways of paying such as through smartphones, wearables or other mobile devices.
Klarna’s recommendation 2: New services must not be forced to rely on traditional banks for part of the customer journey. For example, consumers usually get access to a fintech service through the bank’s boring interface, limiting the ability of the fintech to provide an excellent consumer experience.
Innovative new payment services should have full control over the services they offer.
Under current rules, banks maintain control over payments which are managed by a third party. This means that innovative new players cannot decide to stop a payment that looks fraudulent, or to prevent a payment from being revoked.
Klarna recommendation 3: Providers of Open Banking should have full control over their payments, including the ability to decide not to go ahead with a payment. Similarly, banks should not have the ability to revoke a payment just because it was initiated by an alternative payment provider. Both banks and fintechs should collaborate more closely in sharing information about fraudulent behavior.
Less friction, for better insights.
Want to know how much you spend on groceries or afterwork drinks? You can see that in seconds thanks to apps that manage your finances and connect to your different bank accounts (aggregator apps). This is called Account Information Service (AIS) and is also regulated by PSD2. For that to happen you give permission to the provider of the information service. But it's annoying when the information is out of date, you have to renew the permissions every time you use the app, or the app doesn’t connect to all your accounts when you want it to. These blockers can easily be removed.
Klarna recommendation 4: European legislators should allow AIS providers to request data continuously throughout the day and enable multiple permissions for the same consumer - even if it’s for different accounts - to allow consumers to access the same level of services across the EU and tailor the services to consumers’ needs.
Security should not be an excuse for poor user experience.
PSD2 has resulted in safer and more secure payments for consumers. Unfortunately, banks have also used security as an excuse to make it harder to use alternative, better services.
Klarna recommendation 5: It is important to protect from fraudulent activity. This is done by requesting consumers to prove their identity - through so-called Strong Customer Authentication - when they first connect a new account information service to their bank account. However, the low fraud risk associated with continued connection should allow consumers to easily re-confirm or disconnect from these third party services when they don’t need them anymore or are dissatisfied with a click of a button (‘opt-out’), rather than having to re-approve with a lengthy authentication process after just a few months (‘opt-in’).
Supervision & enforcement.
PSD2 has brought about important rules to open up payments. The problem however: there is little incentive for incumbent banks to comply with these regulations as supervisors have had different approaches to enforcing them. Even more so, PSD2 has been implemented across the Union in very different ways leading to an incoherent set of rules.
Klarna recommendation 6: We support the Commission’s plan to improve enforcement and implementation, as we believe this will lead to further harmonization which will benefit you as a customer, but we ask EU-legislators to allow payment services providers providing services in another Member State to be allowed to join the supervisors’ joint meetings to discuss existing hurdles and try to fix them for the benefit of consumer experience.
Banks should be responsible for the availability and quality of their APIs.
The current proposal doesn’t not require banks to provide an alternative if access to the data they hold is not available for a range of reasons (for example the bank lacks functionality or data, there is a slow response time, or the user experience is not working…) for which contingency measures are not covered in the proposal.
Klarna recommendation 7: There should be more stringent service level targets for banks’ dedicated interfaces, and appropriate sanctions against non-compliant banks.
Permissions dashboard.
Permission dashboards give consumers an overview of who they've given their data/permissions to, when, for what purpose, until when, and allow them to manage and revoke access to their information. The problem is that these dashboards are usually provided by the banks, even when it's the fintech that offers the service (and therefore better knows the latest status on the type of service rendered, data used, until when, etc). Therefore, the dashboards should be populated with information provided by the fintechs.
Klarna recommendation 8: We ask legislators to clarify that the displayed information made available to consumers via the permissions dashboard must be based on the information provided by the service provider - not the bank.