The new Payment Service Directive (PSD2) was supposed to take full effect in September 2019 – at least that was the original plan. Open banking has become part of the landscape for consumers, but for banks, there is still some way to go.
A survey from March 2019 revealed that 41% of European banks missed the deadline to provide third-party providers with a testing environment.
That’s one of a few reasons why the deadline was pushed back to December 2020.
Plenty of time you might think. But don’t underestimate the timelines for testing, developing, and testing again. If your back end is ready in November this year, there simply won’t be enough time to test it thoroughly and implement any final changes by December.
This is not something to leave until the last minute.
Testing – how banks know they’ve got it right
Many banks struggle with implementing PSD2 and meeting its standards – especially when it comes to strong customer authentication (SCA).
Banks have to not only find a way to implement SCA, but also make it easy to use while preventing fraud. That’s a lot of things to keep in mind all at the same time.
So, banks and merchants are changing and adapting their code in both the front and back end, but they struggle with validating it all. Does my solution work? Is it suitable for the real world?
All of these questions need to be answered – and don’t be surprised if that takes much longer than you thought.
When it comes to winning new customers and earning their loyalty, trust is crucial. Seamless, hassle-free user experiences – on any device – are therefore the order of the day. Users must feel confident in the systems and processes they interact with. Anything less and their faith in your organisation begins to fade. It’s a well-known fact that bugs kill customer trust in banking, finance, and B2C transactions.
If you want to learn more about trust – not only in the financial industry – have a look at our blog posts around this topic:
Bugs Kill Trust & Revenue: Bug Testing in the Financial and Banking Industry
Load & Performance Tests for the Finance, Banking, and Insurance Industry
Make Your Webshop Trustworthy for Black Friday
What could a test look like?
The trick to getting PSD2 right is tackling any problems with your systems, so your customers don’t have to. That requires a multi-faceted effort, which will yield valuable results in the long run.
Yes, there are many things to bear in mind when performing PSD2 testing, but the rewards from getting things right the first time are definitely worth it. To give you a good insight into how it’s done, I’ll tell you about a test we’re running at the moment.
The focus of this test is the payment process with strong customer authentication (SCA) integrated. We run tests with 50 European banks and 20 merchants, such as Amazon, PayPal, Zalando, etc.
Banks and merchants need to ensure that the payment process works flawlessly on the front end and that the right authentication mechanisms are triggered in the back end.
For example, for low-value transactions between €20 and €25 SCA is only needed if the cumulative amount reaches €100 or a certain number of transactions. So our testers need to fulfil numerous small-valued orders to ensure that the SCA is requested in the right way.
We also test SCA for recurring payments. We ensure that the user only needs to log in once for the first payment and all following payments to work based on this first log in.
All tests are performed by two testers per bank, both on a mobile device and a PC. The testers make a purchase with a defined value to see if the authentication triggers the right actions and behaves as it should.
As you can imagine, this creates a lot of data. That data needs to be gathered and evaluated to see how well everything works and to point out any weaknesses – that’s why it’s so important to start testing as early as possible. By running tests early enough, the most valuable results will be achieved, and necessary changes arising from the tests can then be implemented.
The test I’ve just outlined has been running since August – and we’re not done yet. It’s a few months of work, but the cost and consequences of not doing it would be severe.
To learn more about testing or to discuss any challenges your organization is facing in implementing PSD2, get in touch.
Our team is on hand and ready to help!