Showing posts with label authentication. Show all posts

Friday, 18 November 2016

Whither the UK's Implementation of #PSD2?

It's still a case of 'hurry up and wait' on the transposition of PSD2 into UK law. 

The Treasury had initially said it would issue the consultation paper on transposing PSD2 into UK law in August 2016, but nothing had been forthcoming as at 3pm today. In mid-October, the Treasury told a stakeholder meeting at the FCA that the paper was "being finalized", with no public explanation for the delay (though one could readily speculate that Brexit-related projects might be a key distraction!).

Officials have my deepest sympathy, but it's a little more frustrating because the European Banking Authority has moved forward with consultation on certain regulatory standards related to strong authentication and communication amongst PSPs, passporting, authorization and so on.

The EBA's proposed standards associated with authentication, in particular, have drawn a fair degree of criticism from the industry and European Parliament, partly for assumptions concerning the nature of payment initiation and account information services, as well as their inflexibility and the extent to which they perhaps give the incumbent 'account servicing' PSPs more control than PSD2 was intended to allow.  It will be interesting to see whether the concerns are reflected in the next iteration, expected in December/January (although they do not take effect until at least October 2018 to allow for development work).


Monday, 19 November 2012

Unload The "Digital Wallet" Before Someone Gets Hurt

And that's not all...
The term "e-wallet" or "digital wallet" has always caused a physical reaction. But what started as a small twitch over my left eye in November 1999 now involves diving under a table. The term has become so loaded with giant concepts like 'identity', 'privacy', 'authentication', 'security', 'payment' and 'funds' that it's simply too dangerous to wave around in meetings.

We need to focus on more of the detail if business presentations are to have any meaning and projects are to deliver anything.

The term 'digital wallet' is impossible to define, anyway. The Oxford English Dictionary has no home for it, and it's wise to ignore suppliers' self-serving, product-specific definitions. Th'internet merely yields a confusing mish-mash: [my emphasis] "a system that securely stores users' payment information and passwords..." (investopedia) and "encryption software that works like a physical wallet during electronic commerce transactions." (webopedia). Unhelpfully, the Free dictionary explains "the wallet data may reside in the user's machine or on the servers of the wallet service. When stored in the client machine, the wallet may use a digital certificate that identifies the authorized card holder." 

Such definitions are confusing because they keep jumping the rails from party to party, feature to feature and function to function, each of which has different implications for transaction flows, data flows and funds flows (to the extent payment is even involved). 

Perhaps the only consistent aspect in the use of the term 'digital wallet' is the sense that it refers to a specific individual, or at least it should be capable of doing so. Otherwise, the term means so many different things that it's useless. FinVentures defined it to mean, "A consumer owned and controlled account that can store any electronic form of what is normally held in a physical wallet, including: payment, ID, coupons, loyalty, access cards, business cards, receipts, keys, passwords, shopping lists, …etc." Indeed, a 'digital wallet' could be a feature within an application or service, or an entire application or service, a database, a set of permissions and so on. It could reside on virtually any digital device, including a smart card or just a microchip. It could enable a specific person to initiate or conclude any kind of transaction, or merely be used in the course of initiating or concluding such a transaction.

So when you next hear the term 'digital wallet', seek cover behind a large, heavy object and try to defuse the situation by asking: 
  • which parties are involved;
  • which party is agreeing to do what, how do they agree, what actions are taken as a result and by whom;
  • where the related data is stored and where it flows; and
  • where any related funds are and where they flow.
It could save a lot of time and money.

Image from Tenets in DM.
