PSD2 and HSM as a Service

PSD2 and HSM as a Service - part 1: leveling the playing field

Certain events can drastically change an industry forever. The Revised Payment Services Directive (PSD2) mandates certain changes that has the potential to significantly alter how the payments industry operates in the EU. For commercial banks, the run up to PSD2 has meant hectic activity and restructuring of their technical processes.

However, from a business and product standpoint, there are countless new opportunities for anyone willing to think outside the box. This applies equally to the new FinTech challengers as well as the existing financial service giants. After all, turning threats into opportunities is what good business is all about.

A brief introduction to PSD2

The idea behind the Revised Payment Service Directive is to essentially create a more competitive and more secure payments sector in the EU. One aspect of PSD2 deals with stronger authentication, while the other lays the groundwork for promoting innovation. This is being achieved by mandating banks to share certain customer data with third party vendors (with the customer’s permission of course). These third-party vendors may be restricted to just having access to account data (Account Information Service Providers or AISPs), or the ability to initiate transactions as well (Payment Initiation Service Providers or PISPs). 

With this PSD2 mandated access, these AISPs and PISPs can thus offer innovative new services that were just not possible before. It is these opportunities that we will be discussing in this three-part series on PSD2 (read more on PSD2).

A level playing field

Incumbent Banks have enjoyed a significant advantage in terms of high entry barriers that exist for new entrants. These barriers include everything from complex regulatory compliance mechanisms, to vast treasure troves of data which are essential for structuring banking products and even making lending decisions. The disadvantage of these entry barriers is a reduction in innovation across the industry. To be fair, banks have always been early adopters of technology, but the industry is yet to really experience the sort of creative disruption that only new start-ups can bring.

This is the prevailing environment in which the European Commission is trying to pry open bank vaults and force them to share some basic information with third party partners (TPPs) who can then innovate on the bank’s behalf.

This obviously needs the consent of the customer while also requiring TPPs to comply with certain regulations, but it really does shake things up quite a bit. Banks themselves can take the role of AISPs and PISPs, but so can entirely new entrants into the financial service sector. This leveling of the playing field is what is expected to breathe new life into the sector and spur radical innovation.

The creation of this level playing field is where tools like HSM as a Service can really make a difference. It’s one thing to provide access, but that won’t amount to much unless the TPPs can match or exceed the level of transactional security that banks provide. This no longer requires massive upfront capital expenditures - TPPs can tap into cloud services and make use of flexible and scalable solutions for everything from storing data to utilizing Hardware Security Modules for security.

In Part 2  of our series, we shall take a deeper dive into the opportunities that this grand leveling has created for FinTech firms.

Blog post by Paul Abraham

About the author

Ulrich Scholten is an internationally active entrepreneur and scientist. He holds a PhD in information technology and owns several patents on cloud-based sensors. His research on cloud computing is regularly published in highly rated journals and conference papers. From 2008 - 2015, he was associated research scientist at the Karlsruhe Service Research Institute (KSRI), a partnership by KIT and IBM, where he researched network effects around web-platforms together with SAP Research.

To find more press releases related with below topics, click on one of the keywords:

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.





      Download via e-mail