[Study] API performance

La PSD2 (Payment Services Directive 2, applicable since January 2018) enabled the implementation of Open Banking in Europe and established two types of API (consultation and account aggregation / payment initiation) . A report from the European Commission, on the application of PSD2, revealed in 2022 that it had not achieved all the objectives set and noted a strong margin for improvement.

Based on this observation, French third-party payment providers (TPPs): Bridge, Fintecture, Lyra, and Powerens, members of France FinTech, mandated the independent French firm Frame to carry out the first sectoral and independent study in order to define, measure and observe the quality of banking APIs and, thus, contribute to the development of a common definition of their performance and submit concrete proposals to exploit the full potential of Open Banking.

🔹A low acceptance rate for transactions via PISPs observed (44%); Complex functional pathways with security measures in place that impact the overall level of acceptance.
🔹Strong disparities in the use of level 1 and 2 statuses by the different ASPSPs; Poor use of level 1 and 2 statuses which results in an overuse of the first level so-called “intermediate” statuses and in an overuse of the second level “NOAS” status.
🔹Unproven irrevocability of payments in certain cases with impacts on merchant use cases.
🔹Progress still possible in the sharing of information to fight fraud more effectively.
🔹Low usefulness of the fallback with regard to PIS use cases making the dependence on functional APIs very high.
🔹Gaps in terms of monitoring the PSD 2 guidelines, particularly regarding communications on the use of APIs (advance notice period in relation to developments, publication of indicators on APIs, availability of APIs, etc.).

 

Following the various findings stated above, several recommendations are made. These aim to improve certain areas of the directive and contribute more broadly to responding to the challenges raised by PSD 2.

Recommendation 1: strengthen the monitoring of the functional pathways put in place by the ASPSPs in order to detect any potential problems and ensure the success of operations intermediated by TPPs.

Recommendation 2: strengthen the monitoring of operations mediated by TPPs in order to ensure the proper use of the statuses recommended by STET.

Recommendation 3: prohibits the cancellation of a transfer initiated successfully.

Recommendation 4: strengthen the exchange of information between market players in the service of a more efficient fight against fraud.

Recommendation 5: set up error messages during failed authentication on the fallback of banking establishments.

Recommendation 6: improve ASPSP communications on APIs and their operational status.

Recommendation 7: harmonize practices between establishments during automatic requests initiated by AISPs to ASPSPs.

Recommendation 8: introduce error messages on the main interface of banking establishments when the SCA fails.

Recommendation 9: optimize SCA routes.