By means of the Payment Service Directive 2, the European Union provides a legal background to improve the internal market for electronic payments. Its ultimate goal is to benefit consumers and businesses, but an interesting and more direct effect is the creation of a payment ecosystem made up of different actors – banks, fintech startups and government agencies – interoperating via APIs.
API ecosystems like PSD2 soon become assets and, in order to benefit consumers and businesses in the long run, they need to be sustainable – that is, secure and trustworthy – since trust in them could be threatened, by chance or on purpose, by individuals or organizations.
All actors should invest in trust, providing an interoperable background for:
- reliability of the provided services and relations between the actors (on both technical and legal sides);
- security of the communications and accountability of the actions, to lower the legal barriers for producers and secure people’s data;
- usability of the technical and user interfaces, which affects both security and the spreading of the ecosystem.
The role of standards is to address the points above by joining the efforts and sharing the costs across all the ecosystem actors.
An overlooked matter in IT is that technical interoperability affects user experience. In the electronics world, the standardization of mobile chargers significantly improved people’s lives and allowed manufacturers to share the costs of security and ergonomics.
Government standards, instead, tend to be geographically fragmented across continents and countries, each one implementing similar procedures or using similar technologies in a different way – such as AC power plugs.
The ever-growing complexity of digital threats increases the costs of security maintenance and the risks of obsolescence, while security requires coordinated investments and high-wage hires; this is not always possible in the public sector and doesn’t always happen in the banking world, where IT is seldom perceived as core business.
Converging standards between Government-to-Government, Government-to-Business and Government-to-Citizen mitigate those risks and benefit users, as joining efforts from different sectors allows investing more in user experience while writing specifications.
Moreover, IT industry standards eventually make their way into widely used tools and products like phones, browsers and middleware, thus becoming global.
Those products are built and designed all over the world, and their development and maintenance costs are extremely high, both for the investments required and the complexity of hiring.
Currently most of that development, and the discussion on related specifications, happens in the open within worldwide forums or code-sharing platforms.
The European Union could support public sector use cases in those forums and check that they are properly implemented in tools and devices that would natively support those use cases.
For this to work, European countries and agencies should act in a coordinated manner.
But will a top-down imposition of standards help the competitive landscape of the sector?
Yes, if that is the result of the above process, based on Internet Standards and on transparent participation in communities where new technologies are addressed via an evolutionary framework.
This scenario will help not only fintech startups but all of them: organizations aiming for a digital single market should focus on the creation of new services covering many areas, including fintech, while avoiding the fallacies of a siloed approach. Well-defined standards make it possible to focus on the development of those services while sharing the security costs.
While a lot of attention is paid to the business models that will emerge from the application of the Payment Service Directive 2, we should look at the general landscape and see the directive as a general opportunity for pushing API-conservative actors and the public sector to embrace the change and produce composable digital services. The outcomes will be significant, including the creation of highly skilled jobs, especially if the banking sector contributes more – directly or via its technology providers – to security-related Internet Standards.