What is the Payment Initiation Service (PIS)?

Cybersecurity and Regulation / 16 September 2020

BBVA API Market

One of the most important aspects of the European PSD2 Directive is payment initiation services (PIS). We tell you what they are, how they work and what has changed with the approval of the PSD2 Directive.

What is a Payment Initiation Service (PIS) and a PISP?

A PIS (Payment Initiation Service) is a type of service that uses online banking to make payments on the internet without needing to use any payment means (such as a credit card or a bank account) at the time of the transaction.

Through a platform that acts as a bridge between the merchant and the customer, the customer enters all the information necessary to carry out the transfer, such as the amount of the transaction, the account number, etc., and informs the merchant of the start of the transaction.

This means that the user can purchase online in a totally transparent and secure way. The payment initiation service has advantages for both parties to the transaction:

Payment initiation services offer appropriate and secure financial solutions to both businesses and users, ensuring the possibility of making online purchases even if the payer does not have any payment method to hand.

Other actors, such as payment initiation service providers (PISPs), also participate in this environment. These are companies that function as intermediaries and allow third parties to carry out transactions on behalf of the buyer, always with prior authorisation and without the need for the buyer to access the bank’s online portal. 

Some interesting examples of payment initiation service providers in Europe are Trustly in the Scandinavian countries, Sofort in Germany and iDEAL in the Netherlands. 

Other entities introduced by the PSD2 regulation

How do Payment Initiation Services (PIS) work?

The way payment initiation services work is simple: once a customer has agreed to allow a third-party provider to access their bank details, a PISP-owned payment interface will request information from the user, who will select their bank and enter their online banking credentials to finish the process.

The bank then validates the credentials and authorises the request for the payment transaction. Next, a digital signature is requested and Strong Customer Authentication (SCA) is applied: a verification factor in addition to the user’s usual password, which can use biometric elements such as the user’s fingerprint or face, or a one-time code sent to their mobile.

Once authentication is completed, the transaction is carried out and the operation is credited.

All bank details are sent via encrypted codes that use JSON arrays, both for data input and output, which the user accepts when entering their banking credentials. The volume of data transmitted is generally small, since little more than the customer details, the destination account and the amount of the transaction are needed. Thus, PISPs can offer highly agile solutions and seamless payment platforms.

What changes for PIS and PISP with the PSD2 regulation?

Although payment initiation services already existed before implementation of the PSD2 Directive for third-party providers, its entry into force has obliged banks to open their customers’ data to third parties, upon request. This new legal requirement affects payment initiation service providers (PISPs), as well as the AISP and CISP providers that offer the services associated with application of the legal requirement.

Strengthened security

Security is one of the aspects most strengthened by the approval of PSD2. Despite the opening of bank data, PSD2 ensures that customers’ security is not compromised. In fact, the Directive itself obliges PISPs to apply a series of strong authentication measures, and prohibits them from accessing any information other than the data necessary to execute the specified service.

Authorised PISPs also have a legal obligation to log out from the user’s bank account immediately once the payment order has been made and the execution of the transaction has been completed. All these measures are aimed at guaranteeing the privacy of transactions and preventing malicious use of customer data.
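The two points above, that a payment request carries little more than customer details, destination account and amount, and that a PISP may not touch any other data, can be enforced on the JSON payload itself. The following is an added example, not BBVA's or any PISP's own code; the field names and function names are hypothetical, since the page does not specify a request schema.

```python
import json
from decimal import Decimal, InvalidOperation

# Hypothetical schema: the page names the kinds of data, not the field names.
ALLOWED_FIELDS = {"debtor_name", "creditor_iban", "amount", "currency"}

def iban_is_valid(iban):
    """ISO 13616 mod-97 check on the destination account."""
    s = iban.replace(" ", "").upper()
    if not (s.isascii() and s.isalnum() and 15 <= len(s) <= 34):
        return False
    # Move country code + check digits to the end, map A..Z to 10..35.
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(digits) % 97 == 1

def amount_is_valid(amount):
    """Accept only decimal strings: positive, finite, at most two places."""
    if not isinstance(amount, str):
        return False  # JSON floats cannot represent cents exactly
    try:
        value = Decimal(amount)
    except InvalidOperation:
        return False
    return value.is_finite() and value > 0 and value.as_tuple().exponent >= -2

def validate_payment_request(raw):
    """Return a list of problems; an empty list means the payload is acceptable."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError:
        return ["not valid JSON"]
    if not isinstance(body, dict):
        return ["payload must be a JSON object"]
    problems = []
    extra = sorted(set(body) - ALLOWED_FIELDS)
    if extra:  # anything beyond what the payment needs is rejected, not ignored
        problems.append(f"unexpected fields: {extra}")
    missing = sorted(ALLOWED_FIELDS - set(body))
    if missing:
        problems.append(f"missing fields: {missing}")
    iban = body.get("creditor_iban")
    if not (isinstance(iban, str) and iban_is_valid(iban)):
        problems.append("creditor_iban fails validation")
    if not amount_is_valid(body.get("amount")):
        problems.append("amount must be a positive decimal string, max 2 places")
    return problems

# Constructed sample request (the IBAN is a widely published example value).
SAMPLE = ('{"debtor_name": "A. Example", "creditor_iban": '
          '"GB82 WEST 1234 5698 7654 32", "amount": "49.90", "currency": "EUR"}')
```

Rejecting unexpected fields outright, rather than silently dropping them, surfaces an integration that is sending or requesting more data than the payment requires.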

What are payment initiation services for?

Payment initiation is set to be implemented in many sectors thanks to the consolidation of open banking. It has a multitude of different applications, such as:

Banking APIs, the element that makes PIS possible

But how is this whole process made possible from a technical point of view? Quite simply, thanks to banking APIs. This means that any PISP can access customers’ banking data in real time and integrate all this information into their applications in a simple, agile and, of course, standardised way.

In other words, the payment initiation service is not carried out by a human being, but by source code that uses all the necessary specifications for the transaction to be carried out properly without compromising the user’s security. One of the most outstanding APIs for initiating payments is Payments PSD2, which allows your customers to initiate payments from their BBVA accounts.
