Is PSD2 Good Or Bad?

The new banking data legislation in the EU is a confusing one


One of the biggest advantages that banks have had over the more agile and manoeuvrable startups has been that they already hold all of the data the startups need to succeed. Goldman Sachs was founded in 1869, HSBC was founded in 1865, and Lloyds was founded in 1765, which means they have hundreds of years worth of data and records that can be called upon. This has also allowed them to perfect what they need to collect in order to maximize their profits or customer satisfaction.

Given the huge damage that banks have done to society over the past decade, it is little surprise that people are increasingly turning away from them. It is equally unsurprising that investments in the FinTech startups challenging these incumbents has increased so significantly in the past 5 years, with total investments in 2013 around $0.39 billion compared to $2.8 billion in 2017. One of the only reasons that people are sticking with banks at all is because of the hassle and confusion that comes from moving away from them, primarily because of the data they already hold.

However, this may all change, at least in Europe, with the introduction of PSD2.

The idea behind PSD2 is to force banks to hand over the data they hold on their customers to anybody who has permission to hold it. This means that companies that allow customers to pay bills, check credit or apply for loans, without needing to use a traditional banks. But will this ultimately be a good thing?


Behind medical data, financial data is the most sensitive that people create. It can show some of the most personal and delicate elements of somebody's life, whether they are financial difficulties, whether they frequent a specific place, or thousands of other actions. You only need to look at the recent Equifax hack to see the seriousness of losing financial data - those impacted now need to check to see whether they've been a victim of criminal activity for the rest of their lives.

Banks have, so far at least, been strong in their cyber security efforts, with no large-scale hacks having taken place in recent history. Lloyds, Halifax, and Bank of Scotland in the UK even managed to keep themselves protected during a DOS attack in January 2017 without revealing any account details or needing to give in to ransom demands from those committing the attack. This is because, despite some of the widely publicized negatives in some working practices, banks spend billions each year on their data protection, which makes their systems some of the most secure and robust in the world, often behind only the internet giants and governments.

PSD2 will allow the data that has been so securely stored into the hands of startups who lack the resources to offer the same level of security as the multi-billion dollar banks. With the increasing number of criminals looking to exploit weak data systems, this could be a potential windfall as the most prized data will suddenly be in systems that are potentially much easier to access. There is also a risk in the transfer of this data, the point at which it moves from one system to another is a well-known weak point that is easier to exploit than when it's in a secure system.

There is little doubt that this hands a significant amount of power to FinTech startups, but it is also a potentially difficult time for consumer safety too. FinTech companies often focus on one specific are. For instance, Monzo looks at payments, Stripe is all about ecommerce, and Transferwise is all about money transfers. These are all elements that banks already do under their own roof, so customer data is held in a single repository across every use. With data being transferred to FinTech startups, suddenly this single area that needs to be defended by one company, needs to be defended across many different companies with many different approaches, making the likelihood of this data falling into the wrong hands much greater.


Banks have not historically been the most popular entities. Firstly, they were boring places where people kept their money, then they became hotbeds to make huge amounts of money, then they almost single handedly destroyed the global economy. The only reason that incumbents like JPMorgan, Bank of America, and Lloyds survived was because they were deemed 'too big to fail' and were bailed out with billions of dollars of taxpayer's money. They only survive today through legacy, they offer almost no service that isn't done better elsewhere.

A major advantage they hold is that people have held accounts with them for years and the data they hold is unattainable by more agile and customer orientated companies who offer the same service. They essentially hold a monopoly based on their historic significance rather than high quality services being offered, their employees are still routinely being jailed for fraud, or avoiding jail despite their guilt. Bankers are hated amongst almost everybody in society, yet many people are forced to continue paying their wages because there isn't the option to move elsewhere.

PSD2 offers them the opportunity to share their data with other entities, meaning that part of the element that creates this monopoly is broken. Suddenly this data in the hands of a different company can be used in a completely new way rather than it being used in more or less the same way across the majority of banks who are simply competing against banks offering identical services. It has the potential to completely blow apart the stranglehold that banks have on this space. This isn't simply opinion either, according to Roland Berger, a Munich-based consulting firm, as much as 40% of the European retail banking industry's income could be up for grabs.

The adage that data is the new currency is now growing old, but the reality of the statement is still there and in much the same way that literal currency is being hoarded, this move by the EU promises to break the cycle and give the little guy a better shot at success. We have seen that once a company gets too big or too powerful, it is in danger of not caring about its most important stakeholders - its customers. We saw this with the destruction of the global economy in 2007 and we have seen this to some extent with hacks to companies like Equifax, where there is evidence of, at the very least, poor practice leading to disaster.

Through spreading the data across many new and exciting companies, rather than having it sat within the databases of huge global banks, it is more likely to be used in new and innovative ways. Through breaking the monopoly and giving this information to a larger number of rivals, the huge incumbents will be forced to react and improve their services rather than simply relying on their historic success for future growth. 

Looking small

Read next:

Expert Insight: 'An Effective Visualization Results From A Great Deal Of Curiosity And Exploration'