Under the keywords “Open Banking” or “XS2A”, PSD2 has brought a major innovation: third party service providers were granted access to online payment accounts by law in order to offer new services to customers.
Account Information Service (AIS)
The account information service is a payment service under Section 1(1) sentence 2 No 8 of the Payment Services Act (ZAG), which is defined in Section 1(34) ZAG as “an online service for communicating consolidated information on a payment account or accounts held by the payment service user with one or more other payment service providers.” The account information service provider is given access to the user’s online account in order to display the information from the account in the desired form to the user or a third person specified by the user. The account information service has practical use, for example, to provide the user with a finance management tool. But the account information service is also increasingly used for scoring (e.g. evaluation of income and expenditure).
It is important to know that the person who uses another account service provider to access the account information also provides an account information service itself and must be registered accordingly. In order to prevent this, it must be ensured that only the registered account information service provider has access to the user’s security credentials and that only this provider enters into a contract with the user.
Payment initiation service (PIS)
The payment initiation service is a payment service within the meaning of Article 1(1), second sentence, No 7 ZAG, which is defined in Article 1(33) ZAG as a service “where a payment order is initiated by the payment service user in relation to a payment account held with another payment service provider.” The payment initiation service provider accesses the user’s account and transmits a payment order to the payment service provider holding the user’s account on the user’s behalf. An example of a payment initiation service is “Sofortüberweisung”.
Only for online payment accounts
However, the PSD2 does not allow access to all accounts, they must be online accessible accounts. Furthermore, they must be payment accounts, so that e.g. pure credit accounts do not fall under “open banking”.
In principle, it is planned that the account servicing provider provide dedicated interfaces. If this is not the case, the AIS and PIS providers may use a fallback mechanism and access the user’s account via “screen scraping” (see also Screen scraping is dead – long live screen scraping! ). The technical standardization of the XS2A APIs is provided by the so-called Berlin Group, which is an association of various stakeholders on a European level. What you hear from the market is that the technical implementation, especially the dedicated interfaces of the banks, is not yet running smoothly and that there is still room for improvement, so that KID and ZAD really do work without problems with all account-holding institutions.
Cover picture: Copyright © PayTechLaw