Europe's Payment Services Directive, or PSD2, has almost everything a technology vendor would want. It affects an entire continent, and it involves both sweeping new data requirements and a substantial IT revamp for large financial institutions.
"PSD2 on the surface seems pretty simple: The banks open up their APIs. But the directive is 100 pages long and there are 50 pages for just regulatory and technical standards," said Steve Kirsch, CEO of Token.
The London- and San Francisco-based Token just attracted a $15.7 million Series A funding round from Octopus Ventures, EQT Investors and OP Financial Group. The two-year-old company has developed an open banking platform that supports the same application programming interface across all banks, making it easier to connect to third parties.
While the original PSD from 2007 redefined payments companies to accommodate mobile commerce and digital startups, the new addendum — which takes effect in January 2018 — is designed to open the payments system further, allowing consumers to opt in to their banks sharing personal financial information with third parties.
Token plans to use its investment to expand its platform to meet the needs of a potential addressable market of up to 750 million consumers for PSD2.
"This will impact all of the banks in Europe and beyond," said Simon Andrews, a portfolio manager for Octopus Ventures, a London-based investment firm.
Banks have viewed PSD2 with some trepidation over potential loss of control over consumer relationships, but the standards do give banks some advantages. Banks already possess this customer information in greater quantity than third parties, and the sharing requirement gives banks a chance to enter more partnerships with nonbanks.
Many companies hope to cash in on the technology work involved in connecting data aggregators to banks. Maikki Frisk, executive director of the Mobey Forum, has argued PSD2 can produce a single view of a consumer's financial affairs across financial institutions, merchants, apps and payment companies.
"But there is a lot of work required to make this happen," Token's Kirsch said. "It's not just open up the APIs and have a nice day … banks don't like change."
Token eases the API sharing requirement by using the cloud to allow new software to run on top of banks' own PSD2 APIs while connecting with systems at other banks and third parties. That model is designed to make it easier for banks to add services that can run off of payments, Kirsch said.
"It's going to open up a lot of new use cases and will improve existing use cases," Kirsch said. "It's like the internet. A lot of banks were reluctant to adopt the internet at first. But it revolutionized banking, and you really can't survive without it now."
The market opportunity of integrating bank payment systems with third parties is attracting lots of other technology companies. Modulr, for example, is using APIs, a web dashboard and ties to business payment rails to power individual accounts for each customer instead of aggregating disparate payment accounts after the transaction.
IBM has built a "sandbox" for PSD2 that uses API Connect, a tool that allows developers to create, run, manage and secure APIs in a hybrid environment. IBM is also publishing PSD2 implementation APIs in its new sandbox to make it easier for developers to comply with emerging standards.
"PSD2 is far more than just a compliance issue, it is a radical game-changer for banks in Europe," said Zil Bareisis, a senior analyst at Celent. "Token can certainly help banks become compliant with PSD2, but with their technology enabling bank account-based payments, they have the potential to play a significant role in the future of commerce as well."