PSD2 is a regulation that has been adopted by the European Parliament and Council of EU, aiming to give consumers more control, convenience, and transparency over payment services. PSD2 was implemented, Union-wide, back in 2018 and is now in full swing. However, not a lot of people are fully aware of what happens beneath the surface. If they would know more, they could make the most of this technology and understand its benefits. Hence, we will be looking at 3rd Party Providers in the PSD2 environment.
What are Third-Party-Providers (TPPs) in Open Banking?
First of all, we will need to be clear about what it is that PSD2 and Open Banking do. PSD2 aims to improve the quality and transparency of existing services as well as create a platform for new ones. PSD2 also permits third-party providers (TPPs) to access customer account data from banks.
Essentially, a Third-Party is every entity that's not a bank or credit union (where a user may have an account) but is involved in the transaction. They are licensed organizations/institutions/subjects that can transmit, collect or analyze financial data with the consent of a user.
TPPs can be payment initiation services, account information services, or payment accounts. However, they can also be other kinds of platforms that are not necessarily financial, but those are much less frequent.
Why Third-Party-Providers Matter Altogether?
PSD2 is an attempt to create a level playing field where third-party providers have access to user data without the need for banking apps developed by each respective bank. This will allow customers to choose which bank service they get from, and it will likely lead to a proliferation of different PSD2 apps.
In the PSD2 environment, a third-party provider is a company that provides additional services for PSD2 customers (besides banking). It is a type of platform operator acting in this environment on behalf of the customer. In the realm of PSD2, customers are PSUs - customer account holders. PSD2 TPP (the TPPs that we frequently mention) generally do not need PSD2 PSUs to have a payment account registered with them or be their affiliate. They have their own links and connections with the larger banks.
In terms of identity management, TPPs will be responsible for the authentication and identification of users. This is the crucial element that makes the digital payments market work altogether. If users wouldn't be verified, the market would just stop dead because no transactions or operations would go through.
Can and Should You Trust TPPs?
This is the tricky part because each TPP has its own protocols and processes for conducting its services. PSD2 brings in transparency requirements that will help users know exactly how they are identified by third-party providers. This includes information on how data is collected or used.
However, PSD2 does restrict what types of information can be collected and gathered. Both the financial institution and the user must be allowed to provide consent to TPPs, but they seldom give customers the easy option of opting out of their data being used by a third-party provider altogether. This is a weak point of the industry (as of now) and needs to be addressed more.
Nevertheless, this is only an area that could be exploited by wrongdoers. The legislators and banks try to make sure that this won't happen and play their role in protecting the customers from evil intentions of not-so-transparent 3rd parties. Generally, however, the reputation of them is overwhelmingly positive and you should and can trust TPPs.