Exploring ISO 20022 and PSD2

March 24, 2021

ISO 20022 will work alongside the Payment Services Directive 2 (PSD2) to standardise the data used to implement financial transactions. How will this improve transaction simplicity and security?

PSD2 and ISO 20022

The future of commerce is digital. In the wake of the pandemic, more people and businesses are choosing to buy and sell online. And with that comes a surge in online payments.

The digital payments market in the UK rose to a value of $164.4bn in August 2020, a 6% year-on-year increase of $10bn. Across Europe, the UK generated around 25% of all digital payments in 2020, making the need for efficient and effective ways of carrying out transactions online more pressing than ever. 

Online payments, however, require standards. The Payment Services Directive 2 (PSD2), which becomes enforceable amongst payment services providers (PSPs) in the UK from September 2021, aims to make transactions more secure through Strong Customer Authentication (SCA). This requires payees to provide at least two of three pieces of information outlined by the directive (something they know, something they have, or something they are) before they can continue with the transaction. 

Behind the scenes, however, a new standard will be gradually phased in amongst PSPs. ISO 20022 will mandate a standardised language for online payment systems between different markets, simplifying the processing language behind transactions between financial institutions. In the UK, the Bank of England will implement ISO 20022 as part of the upgrade of its Real-Time Gross Settlement (RTGS) system facilitating transfers between banks. 

How will PSD2 and ISO 20022 make financial transactions more secure? And what role does ISO 20022 play in facilitating the transition towards Open Banking amongst financial institutions?


Securing transactions 

The security of transactions under PSD2 and ISO 20022 relies on the security of the channels through which relevant financial information passes. Account Servicing Payment Services Providers (or ASPSPs) will, as part of ISO 20022, need to ensure that relevant security-certificated and encrypted channels are available through which payment information can be communicated. By using this means of communication, activities like real-time fraud detection and the dynamic linking of transactions to security tokens can be made secure and, importantly, open, allowing third-party providers (TPPs) access to customers’ accounts if permission has been granted.

Securing the relationship between ASPSPs, Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs) is a major prerequisite of securing transactions. PISPs are responsible for allowing customers to pay payees directly from their bank account as opposed to through a debit or credit card, while AISPs permit all of a customer’s accounts to be viewed in one place. ISO 20022 states that ASPSPs should lay the groundwork for the secure functioning of AISPs and PISPs through interfaces capable of identification, authentication and implementation activities. 

Opening transactions 

While more developed in the UK than in European Union Member States, Open Banking promises an integrated banking experience to customers, in which third-party providers can be easily granted access to their accounts, offering a range of services. While PSD2 encourages an Open Banking environment to be cultivated within the European Union, ISO 20022 lays the technical foundations needed for this to happen, especially with regard to high-value transactions.

ISO 20022 compels ASPSPs to release technical documentation for free, allowing TPPs to freely access the information when permitted by an account holder. In an increasingly interconnected world, the simplification of the technical language used to initiate, carry out and complete payments securely will allow for easier cross-border transactions, while not sacrificing the element of security. 

Enhancing transactions 

As banking becomes more integrated and more open, there will be growing demand for quicker backend processes facilitating customer transactions. The use of a traditional XML structure provides a cost benefit for banks when implementing smooth banking between different markets.

ISO 20022’s relationship with APIs has been a hot topic of discussion, with many APIs not having been developed with the standard’s messaging requirements in mind. Some have claimed that the two are incompatible with one another. However, there are opportunities to be gained through using a standardised language when building APIs. Through using a simplified and unified language to communicate payment information, banks can potentially realise an array of benefits, including process automation via the increased amount of detailed data that can be transferred during transactions.

Mastering standards

With the requirements of PSD2 becoming enforceable in the UK from September 2021, and ISO 20022 being rolled out over the next three years, it is important for PSPs to be ready for the changes. Learn how Critical can help you navigate the regulatory maze in our white paper on PSD2 and APIs below.