
PSD2: Banking on the Edge

PSD2 forces banks to make data available.

By Michael Bissell · Dec. 07, 18 · News

Europe keeps influencing data privacy around the world. First, there was GDPR, and now we have PSD2, which is the new phase of Europe's Payment Services Directive. As with any new compliance requirement, there's a lot of confusion about what it does, what you have to do, and what it all means. You can basically sum it up like this:

PSD2 forces banks to make data available.

To be honest, that sentence is a bit tricky because of two words: banks and data. There are a lot of definitions of "banks," but let's assume we mean companies that hold onto your money and provide access via services like checking, credit/debit cards, and online banking.

Data is even trickier as there are basically three kinds of data PSD2 is forcing banks to expose.

Making Public Information Available Over an API

Surprisingly, banks are now forced to expose information like bank locations and services over an API. This data may have been available on websites, but now it's required to be available over an API, allowing for easy integration into third-party apps.

This means a third party will be able to create apps for finding specific kinds of branches (an obvious example is branches with good services for people with disabilities, or branches that have speakers of different native languages). But interestingly, once a standard is established, it will suddenly be very easy to compare banks' services, find contact information, and use that information to help consumers navigate the big banks.

Making Customer Transactions Available Over an API

Banks know a LOT about you — your spending tells them where you are and what projects you're doing (someone who spends a lot of time traveling but buys a lot of home improvement hardware, for example). That data has always been considered an asset of the bank, so they can develop new products and services and sell them to a ready customer base.

But under PSD2 that information can be released to third parties. Say you grant a tax management application access to not just your main checking account but to your credit cards from other banks, and to your savings accounts. Finding your deductions suddenly got a lot easier.

Allowing Third Parties to Trigger Payments

And here's the big one — now, third parties can send requests to your bank directly to move money from point A to point B. Moving money around has been tricky for years; credit card machines in retail shops connect to a card processor, not the bank. That card processor then contacts the bank and money starts to move around.

PSD2 makes it so anyone can write software to contact the bank and, with the right credentials, move money from one account to another.

Sounds Great! How Do I Start?

PSD2 is a body of European law that European banks have to comply with. We're not sure how it's going to affect US banking, or what the APIs are going to look like, or what brilliant applications are going to come out of it.

The problem with compliance law is that the people who write it aren't the people who have to implement it or make it work. When a body of law is brand new, there haven't been any wins or losses, so no one has a model for what to do and what not to do.

The UK's OpenBanking (see https://www.openbanking.org.uk/) is probably the most sophisticated at this point, but third parties still have some pretty big gaps they're going to have to deal with, including:

  • User Identity: Each bank has its own identity management system; if you're going to build a third-party app against, say, the nine major banks in the UK, you're going to have to coordinate all nine identities and have a secure way to maintain them that doesn't make users log in nine times every time they want to look at a report.
  • Services Identity: Your app and your microservices are now playing with people's banking and livelihood. Every little app, be it your frontend web app or an individual microservice on the backend, needs specific permissions so something doesn't go rogue and start eating everyone's money. (And even if it isn't going to eat money, you need your customers to be comfortable it won't. See our blog on Infrastructure, Legal and Embarrassment).
  • Thing Identity: Obviously a big part of the opportunity with PSD2 is changing the tools we use to transact business. Kiosks, mobile devices, and embedded systems are going to become more and more important. Trusting that device means tagging and identifying the device as much as a human being.

And, at the end of the day, this is all part of the GDPR world. You need end-to-end tracking so if something does go wrong, you know exactly who touched what, why, and how to fix it.
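The sketch below is an added example, not code from the article or from any bank's API. It combines the three identities above (user consent, service permissions, device registration) into one deny-by-default check over the three PSD2 data classes, and records every decision in an audit trail. The service names, device id, and the hash-chained log format are assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical policy: the PSD2 API classes each service identity may call.
POLICY = {
    "branch-finder-web": {"public_info"},
    "tax-report-svc": {"public_info", "transactions"},
    "payment-svc": {"payments"},
}
DEVICE_BOUND = {"payments"}          # classes that also need a known device
REGISTERED_DEVICES = {"kiosk-0042"}  # constructed sample device id


class AuditLog:
    """Append-only trail; each entry's hash covers the previous entry's hash."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"record": record, "hash": self._digest(prev, record)})

    def verify(self):
        prev = "0" * 64
        for entry in self.entries:
            if self._digest(prev, entry["record"]) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def authorize(log, consents, user, service, device, api_class):
    """Deny by default; service policy, user consent and device must all agree."""
    if api_class not in POLICY.get(service, set()):
        reason = "service not permitted"
    elif api_class != "public_info" and api_class not in consents.get(user, set()):
        reason = "no user consent"
    elif api_class in DEVICE_BOUND and device not in REGISTERED_DEVICES:
        reason = "unregistered device"
    else:
        reason = "ok"
    log.append({"user": user, "service": service, "device": device,
                "api": api_class, "reason": reason})
    return reason == "ok"
```

Denied requests are logged as well as allowed ones, so the trail answers "who touched what" for attempts as well as successes, and `verify()` returns False if any earlier record is edited after the fact.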


Published at DZone with permission of Michael Bissell, DZone MVB. See the original article here.
