Total Pageviews

Thursday, 8 December 2016

Data ownership and PSD2

On 30 November 2016, Dutch news (eg, newspaper, TV) announced that as of 2018 banks will start sharing your payment details with companies (eg, Google) after obtaining your consent. This is an alleged but false consequence of an EU directive called Payment Services Directive 2 (PSD2).

"At the core of PSD2 is the requirement for banks to grant third-party providers (TPPs) access to a customer’s online account/payment services in a regulated and secure way" (Accenture). This access is limited to name and bank numberPSD2 articles 66 and 67 do not allow requesting or storing "sensitive payment data" (ie, all payment data except for name and account #; see Article 4(32)).

This access is technically solved by Application Programming Interfaces (APIs). A Dutch example is the iDeal application which briefly connects bank, consumer and retailer during internet purchases. The iDeal application is owned by the joint Dutch banks. This is no coincidence. The real issue is data ownership, a concept that is not even mentioned in PSD2. See my 20 January 2015 blog.

Access to customer data lies at the heart of several business models (eg, FB, Google). The more companies know about us, the more data they can offer to advertisers, and the more they can earn on our data. Unlocking customer payment data at banks is a goldmine for companies (eg, Nordic). 

The added value - and thus price - of Google ads would explode when Google would be able to confirm that ad clicking resulted in the payment of a purchase. It's similar to the sequence: (1) historical Order-to-Cash rate, (2) current click-through rate, (3) future "click-to-cash" rate.

From a strictly legal point of view, a bank account holder is the owner of his/her payment transaction data. Banks only register our transactions (ie, receipts, payments). The civil law assumption that "possession equals ownership" would not apply in their case.

It's unlikely that bank account holders will get a reward for letting banks sell their transaction details. A reward would open an intense debate about the value of that information: default vs personalised fee, one-off vs annual fee, a fee for all vs defined payments. Clearly, the transaction details of well-known politicians, singers, or soccer players would be more interesting than mine.

Application Programming Interfaces (APIs) could change the banking landscape. Android PayApple Pay, Apple Wallet, Facebook Pay/Wallet, and Google Wallet are early attempts to create API's, obtain customer payment data, and break the banking dominance over customer transaction data.

I am reluctant to let a bank sell my transaction details. A financial reward would probably not change my opinion although even privacy is ultimately for sale. Once our banking transactions are sold, anything is possible. There is no upside and there is a huge downside. Anyone has something to hide in his/her life (eg, government, employer, neighbours, family). The sale of banking transaction details makes your life too transparent for interested parties with wrong intentions.

MC Hammer - U Can't Touch This (1990) - artist, FB, lyrics, video, Wiki-1, Wiki-2