Many holders of an online current account will remember this date: September 14, 2019, the date of entry into force of some important changes provided for by the European PSD2 (Payment System Directive).
In fact, we recall that with the EU directive, banks have lost the monopoly on customer current account data: they are now obliged, provided that the owner of the online or traditional current account agrees, to share with third parties all information in their possession on customers’ bank details. Traditional institutions are strong in their know-how in data protection and in the stability of their well-established control systems, while third parties who want to access this information will be supervised by national authorities and must guarantee high security standards.
But will this sharing be a mere information service? Probably yes. It is evident, in fact, that the aggregate collection of data on income and expenses from different accounts can only result in the offer of ad hoc services such as personalized financial planning, advice on investments, assets, portfolio management, and more.
The third parties that can have access to the data are in fact called Aisp, Cisp, Pisp. Acronyms that are best to start knowing because they could play an important role in consumers’ lives (and savings).
The Aisp, better known as the Account Information Service Provider, are services that analyze our current accounts and bank movements (of those who have given consent), in order to aggregate their data and provide an overall picture of the financial situation of a current account holder. Based on these data, they provide a tailored financial advisory service.
The Pisp (Payment Initiation Service Providers) are instead intermediary companies between the owner of an online current account and their bank and have the purpose of paying money to a third party. Through Pisp you can make a payment on an e-commerce site without entering your credit card data as the seller himself, authorized by the consumer, will be able to access the account directly and withdraw.
Finally, the Cisp (Card Issuer Service Providers), subjects that issue payment cards directly linked to the online checking account, even if it has been opened in a different institution. Cisps therefore provide the card but do not hold the client’s money, however reserving a privileged channel to access it.
Consob, which in Italy has a supervisory role over banks and markets, warns against sharing data with these realities: open and shared access to information from institutions brings with it potential benefits combined with a series of related risks significant. One for all: the increase in the number of individuals authorized to operate in this new value creation system could lead to a significant reduction in the margins and profits of the operators involved, as well as the generalized increase in the system’s vulnerability and therefore in the costs related to the cybersecurity.