In part 2 of our interview series, 'Ask The Experts: The Future of Banking & FinTech in Light of PSD2' we interview Savino Damico, Head of Digital Payments and Biometrics, Research and Acceleration of Innovation, CIO Area at Intesa Sanpaolo.
Head of digital payments and biometrics at the Sanpaolo Group’s Innovation Center since 2015, an incubator that seeks ideas to promote innovation in Intesa Sanpaolo and exploring digital payments, digital identity, biometrics, blockchain and cryptocurrencies. It deals also with research centers and companies (mainly start-ups) offering pioneering authentication methods, such as SecuredTouch’s advanced behavioral biometrics solution.
Savino Damico has over 20 years of experience in international banking. Due to his extensive experience with bank-to-bank, consumer and corporate payments in the past years he has been appointed as an official representative of Italian banking community at various prestigious institutions, including the EPC committee dealing with standards in payments and the Euro Banking Association.
Question: The upcoming PSD2 directive will enable third-party providers to access banks’ customer accounts through open APIs. What was your first reaction to this development?
Answer: This directive does not come as a surprise because the EU Commission has been discussing and issuing various regulations for the past 25 years in order to create greater competition between the different players and increase innovation. There is some worry because we must let the new Fintech players and other banks to access customer’s accounts , but the positive aspect is that banks will have to open up to the world around them.Generally speaking banks are not so accustomed to opening up their systems, and the first item on the agenda is consumer trust and security. So we must open up more without increasing the risk factors. This is not an easy task nor can it be accomplished overnight, as it demands a change of mindset.
Question: You mentioned the challenges of trust and security. What other challenges will banks face following the implementation of PSD2?
Answer: PSD2 will change the general scenario that we are accustomed to dealing with. I deem that in the mid-term, say 3-5 years, we will see significant improvements. Thanks to the directive as from January 2018 (upon the conditions that some PSPs will provide this service) a customer will be able to use a single application to handle all of his or her bank accounts. There are technical aspects for building the open API that need to be clarified and a common standard will only be in place towards the ends of 2019. Anyway what we can expect in the short-term is that most consumers will not trust banks and Fintech to keep their data safe for accessing their accounts. Most will prefer to keep two or more banking applications, consistent with the number of their accounts. I believe that we will only see a remarkable shift toward the use of aggregation services offered by Third Parties and banks in 3-5 years.
PSD2 Paves the Way for New Players
Question: The new directive will enable service providers to initiate payments on behalf of users (PISPs) such as P2P and bill payments, thereby adding an intermediary to the chain and weakening the relationship between banks and their customers. How will this affect the traditional role of banks and their profitability?
Answer: I prefer to adopt a positive approach. We can use this new framework to offer additional services to our current customers and attract new ones, but some aspects are still unclear. For example, can the bank charge a fee for opening up the API for this purpose? This is an important consideration that can have major impacts on banks strategy.
Question: How do you think these new services will affect user experience?
Answer: By taking for granted that any PSP will act according to all the relevant laws, starting from the privacy rules, let’s imagine new services that can be connected through one aggregating bank application: I can see several accounts. So if one is overdrawn, the bank can offer a loan. By using big data and artificial intelligence, bank could know about various customer life events – for example, if a baby is expected or maybe if someone is about to buy a house and requires financing. There is a great opportunity here, but also a lot of accompanying challenges. In such a framework it is expected that the PSPs offering the best user experience and innovative services should be able to increase their customer base.
Question: Intesa Sanpaolo has embraced Fintech but traditional banks are more hesitant. Do banks fear losing customers to new Fintech enterprises?
Answer: There are different cases. Big banks are striving to find a common ground with Fintech, but some smaller ones regard the latter as a threat rather than an advantage. I believe that the banking system has the opportunity to gain great benefits by working with external organizations to accelerate the pace of innovation. It is not easy, but it can be done.
There is a risk of losing customers but there are also possibilities to strengthen the bank’s relationship with its consumers, by improving the customer experience and by attracting new customers. Tech giants have the resources to generate greater competition to incumbents, but on the other hand it is not so simple for them to be compliant with all payments rules and regulations.
Question: Do you think traditional banks will cooperate with Fintech?
Answer: Due to its innate agility, Fintech can accelerate traditionally slow processes. I think that most banks will embrace greater cooperation with Fintech, although some may hold back and prefer to keep things in-house.
Smooth UX Doesn't Mean Increased Risk
Question: Do these new services potentially increase the risk of fraudulent activity? Are the banks and customers apprehensive about these risks?
Answer: Yes, actually in this complex scenario the security risks increase for sure. We need to nurture trust with our customers but at the same time open up our systems. We must assure a highest level of security. The best way to boost security is to comply with the strong customer authentication (the two factors authentication) requested by the PSD2, by looking for the best way to offer a smooth UX to our customers. We need different parameters that will ensure protection against fraud, while maintaining a seamless customer experience. By capturing behavioural biometric parameters we are able to create an accurate user profile for authentication purposes. And it’s so simple –as the customers have only “to be themselves”, by behaving normally. So you are able to obtain the highest level of security with a very smooth user experience.
Question: What are the more innovative authentication solutions that banks will use to comply with PSD2?
Answer: I think that many will turn to behavioural biometrics authentication, because it does not rely on only one factor, for example, the iris scan or the fingerprint. The combination of many different active physical factors makes the authentication capabilities stronger.
We should all view the upcoming developments as a great opportunity despite the various obstacles that banks now face. Our key objectives should be to focus on ways to provide innovation to our customers and constantly improve the user experience, while maintaining a very high-level of security and data protection.
For part 1 of this series, we interviewed Damian Richardson of RBS. Check it out here