By Jenée Tibshraeny
Do you use internet banking when shopping online to avoid credit card fees?
Instead of entering your credit card details, enabling your bank and credit card company to clip the ticket in the process, you provide your bank customer number and password and authorise the payment this way.
An increasing number of merchants offer this POLi payment option, including Air New Zealand, The Warehouse, 2 Degrees and the NZ Transport Agency.
Naturally, banks aren’t too chuffed with the competition in the payments space, and have in the past issued warnings over customers breaching their terms with their banks by providing a third party with their internet banking login details.
POLi, which has operated in New Zealand since 2009 and has been used by more than a million people, is dismissive of these claims.
Yet it wants to work more closely with banks.
Instead of POLi passing a payment request on to a customer’s bank, it wants the bank to control the authorisation process to make the payment.
This can be done by setting up an application programming interface, or API, between the bank and POLi.
POLi’s director of payments strategy, Allister Hunter, explains: “An API moves the components of the payment closer to the bank, which we think is a good thing. That’s where it should be…
“Connecting to banks through APIs would mean customers would use a bank-branded interface when they enter their bank customer numbers and passwords to make payments.
“This would be a welcome development, as the banks could manage the look and feel of the interface. It could become competitive.”
Hunter says Payments NZ - banks’ payments association - is already developing these APIs.
While POLi has for some time been enabling its customers to pay merchants online without banks’ blessings, there are a raft of other firms keen to do the same - not necessarily to facilitate payments in the same way, but to help people manage their money more effectively.
Like POLi, they want banks to embrace ‘open banking’ and allow these APIs to connect their systems.
Regulation to 'stimulate competition'
Legislation is being passed in Europe and Australia requiring banks to do so.
European Commission rules, which came into force on January 13: “Open the EU payment market to companies offering payment services, based on them gaining access to information about the payment account.”
They also: “Introduce strict security requirements for electronic payments and for the protection of consumers' financial data,” as well as ban credit/debit card surcharges.
The European Commission explains its Payment Services Directive (PSD2): “The new EU rules should help stimulate competition in the electronic payments market, by providing the necessary legal certainty for companies to enter or continue in the market.
“This would then allow consumers to benefit from more and better choices between different types of payment services and service providers.
“During the past years, new players have emerged in the area of internet payments offering consumers the possibility to pay instantly for their internet bookings or online shopping without the need for a credit card (around 60% of the EU population does not have a credit card).
“These services establish a payment link between the payer and the online merchant via the payer's online banking module.
“These innovative and low cost payment solutions are called “payment initiation services” and are already offered in a number of Member States (e.g. Sofort in Germany, IDeal in the Netherlands, Trustly in Sweden).
“Until now, these new providers were not regulated at EU level. The new directive will cover these new payment providers (payment initiation services), addressing issues which may arise with respect to confidentiality, liability or security of such transactions.”
In New Zealand, there aren’t any such regulations in the pipeline.
However the Government is putting pressure on banks to share their customers’ data with the likes of POLi on their own accord.
Commerce and Consumer Affairs Minister Kris Faafoi in November told interest.co.nz he would draw up a timeline with a plan of action on open banking after April, once Payments NZ responds to a letter his predecessor Jacqui Dean sent it before the election, asking how the industry would progress open banking.
'If they’re forced to do it… they’ll miss the boat'
Ben Lynch, the founder of a soon-to-be-launched platform that enables users to pull data from banks, among other organisations, believes that if banks were smart, they would implement open banking without it being mandated.
“If banks do it of their own undertaking, they’ll end up winning,” he says.
“If they’re forced to do it… they’ll miss the boat on building the products that perhaps their competitors (that weren’t traditionally competitors) will build for their customers.”
Through Lynch’s platform, Jude, users can get data from various financial service providers to better manage their money through the platform.
In other words, through the Jude app, you could log in to the various accounts you have with ANZ, Kiwibank, Auckland Transport, Simplicity, Mercury, Spotify, and Netflix, for example.
From there, you could bring all your account data onto Jude, to see and manage the regular payments you make in one place.
Lynch says that some companies, like Spotify, already have APIs users can use.
If you have logged in to your Spotify account via your Facebook account, you have used one of these APIs.
If you want to get data from banks, companies or organisations that don’t have these APIs, you have to do what POLi users do and arguably breach the terms of their contracts by providing Jude with your login details.
As well as consolidating all your finances in one place, on a supposedly more user-friendly platform than what a bank has to offer, you can also transfer money to other Jude users.
Lynch assures that any login details you provide through Jude are encrypted, so Jude can’t see them.
Yet he recognises that without APIs set up, users are exercising a certain degree of trust in him.
“I don’t expect most people to be that comfortable about giving their user name and passwords away. And they shouldn’t,” he says.
“So I certainly don’t intent to attract thousands and thousands of users initially. That’s a good thing.
“The point is to get enough people to build the product and get it working.”
From there, Lynch believes it’s only a matter of time before banks and other traditional financial service providers have APIs in place to share their customers’ data securely.
“You could talk about it to these companies… but if you prove that people want it, and it’s working, you’ll be able to move along much faster,” he says.
Furthermore, the law changes in the EU, and the plays the likes of Amazon, Google, Facebook and Apple are making in this area, will push things along.
Lynch believes if a bank decided today it was going to build an API to facilitate the sharing of its customer data, it would take around two years for it get over the line and be up and running.
“It’s not a trivial undertaking on their part. These companies are built on big legacy technology. But there is, I think, a huge first mover advantage,” he says.
While banks already use APIs in other ways, Lynch maintains ASB and Westpac are the most technologically advanced in terms of creating publically facing ones.
Ultimately he believes: “Technology will democratise everyone’s business model, and consumers are increasingly going to want more privacy, better knowledge around privacy, and better access to information.”
*This article was first published in our email for paying subscribers early on Wednesday morning. See here for more details and how to subscribe.