From screen scraping to PSD3: The growth of open banking in DACH

If you Google ‘the origins of open banking’, you’ll come across the screen test conducted by the German Federal Post Office in 1980. Dubbed “My bank in the living room”, this experiment introduced around 2,000 participants to the post office’s new online banking service to make transfers, and is widely considered the first use case of ‘open’ banking.

Nearly four decades later, in 2018, the revised Payment Services Directive (PSD2) facilitated open banking on a bigger scale across Europe, requiring banks to create application programme interfaces (APIs) for authorised third-party providers (TPPs) to offer consumers meaningful financial services. 

There was major progress between those two events, as we’ll take you through in this article. Today, Germany (D) continues to lead the way in terms of adoption, though Austria (A) continues to grow with an impressive 65 open banking APIs – just 15 fewer than its larger neighbour. But with Switzerland (CH) due to launch its own instant payments platform in August 2024, and advancements in regulations and schemes on the horizon, this region as a whole continues to evolve at a rapid pace.

The introduction of the Home Banking Computer Interface 

Following the success of the German Federal Post Office’s screen test, the first-ever Home Banking Computer Interface (HBCI) was developed in Germany by the Central Credit Committee over the course of four years and launched in 1998. This communication system created open standardised protocols around messaging, transfers and security between banking software and online banking. 

With the backing of Germany’s key banking players – Sparkassen-Finanzgruppe, German Cooperative Financial Group, and the Association of German Banks – HBCI marked a step closer towards today’s open banking infrastructure with its venture into establishing connectivity.

The transition to Financial Transaction Services

Just four years later, in 2002, Financial Transaction Services (FinTs) replaced HBCI. This brought the arrival of the first banking security system – using the PIN, personal identification number, as a means for consumers to access their bank accounts online and make a transfer. Additionally, as a second level of authorisation and fraud prevention, there was the single-use transaction authentication number (TAN) used to confirm the payment. 

FinTS upgraded two years later, introducing Extensible Markup Language (XML) – a type of markup language and file format used for sending, storing and reconstructing data. This upgrade enabled information to be shared between TPPs, websites and databases even more securely, advancing account-to-account payments even further after HBCI.

So, as we can see, Germany paved the way for banking systems used all over the world today in terms of forming secure connections and enabling customers to take the lead in sending transfers. And things were to evolve even more with the arrival of new technologies and frameworks for account-to-account payments.

Screen scraping with Sofort and Klarna ‘Pay Now’

Sofort Überweisung, literally translating into ‘Instant bank transfer’, was launched in 2004 by combining HBCI and screen scraping. Screen scraping is the practice of using a ‘bot’ or programme to collect information displayed on a screen, and use it for alternative purposes. For example, a customer can share their bank login details with a TPP and give it permission to act as an intermediary, pulling data such as their account balance or transaction history to be used outside of the banking environment. 

In the case of Sofort, upon choosing the method at checkout customers were sent to a page where they select the bank they wish to pay with, before logging into their online banking account. While the name of the company and payment details were auto populated, the customer had to confirm the payment using a TAN and verify their identity before returning to the merchant’s page when the payment was finalised. 

In 2014, Klarna acquired Sofort in a move described by Klarna as Elvis joining the Beatles. However, the Swedish fintech is currently phasing out Sofort to fulfil its commitment to creating “a smooth and unified checkout process”. Italy was removed from its coverage in January 2024, and a full discontinuation from all markets is scheduled for October 2024. Merchants wishing to accept A2A payments going forward must instead use alternative options, like Klarna’s ‘Pay Now’ (its equivalent to Sofort), SEPA (covered below), or manual bank transfers. 

This move brings challenges though. For merchants, they need to remove Sofort from their checkouts on time while giving enough notice to customers. They’ll also need to migrate onto the Klarna platform if they haven’t already should they wish to offer the ‘Pay Now’ option, which means adhering to Klarna’s pricing rather than the Sofort rates they signed up for.

Should end users want to continue with the payment journey they are familiar with once Sofort has gone, they must open a Klarna account in order to follow the ‘Pay Now’ flow. With this additional step to the flow there’s a risk of a decrease in conversion rate, as it could cause friction in the payment process.

Germany introduces giropay

In 2006, payment method giropay was launched in Germany. Based on the system we know as open banking today, giropay enables consumers to pay directly from their bank account using their PIN and TAN. After selecting giropay at checkout and entering their bank name, the shopper must log in to their bank account and confirm the payment, before the amount is debited and the transaction is completed – all in real time.

In 2021, giropay merged with fellow online payment method paydirekt and P2P service Kwitt to bring all the capabilities together under the giropay brand. But recently giropay’s future has been cut short in the wake of the European Payments Initiative’s (EPI) announcement of a new ‘groundbreaking payment solution tailor-made for Europe’s present and future’. The EPI is a commercial initiative, created in 2020 by 16 leading banks – including ING and Deutsche Bank – with an aim to bring next-generation payments across Europe.

EPI’s new digital wallet solution, Wero, is launching in summer 2024, facilitating A2A payments across Germany, France and Belgium. While it will begin with P2P payments, it’s been confirmed that this will expand into online, point-of-sale and subscription payments.

The first PSD and Single European Payments Area

The first Payments Service Directive (PSD1) was set up by the European Commission in 2007, bringing about a legal foundation for safer, innovative payment services across the EU. Additionally, it gave consumers more transparency around their payments when it came to the likes of refunds, fees, and transaction settlement times.

Just a year later, the Single Euro Payments Area (SEPA) – designed to connect European banks and facilitate faster digital payments between them with the help of PSD1 – was introduced for the transfer of funds (followed by direct debit in 2009). Its full implementation across the euro area – the same year Klarna acquired Sofort – meant cross-border payments became as easy and efficient as domestic ones.

Before full implementation across the euro area in 2014, Germany introduced its own national accompanying law in 2013 – SEPA-Begleitgesetz – to ensure SEPA would become standard over the legacy rules already in place.

The evolution of PSD into PSD2

While PSD1 was revolutionary, its application across EU member states varied, causing some legal confusion and regulatory arbitrage. There was also concern over consumers sharing sensitive information.

Accordingly, the European Commission revised the PSD, thus creating PSD2 – the framework enabling open banking as we know it today. It was built with clear objectives, including creating a level playing field for new and established payment service providers (PSPs), enhancing the security of payments and further protecting consumers. This brought the introduction of Strong Customer Authentication (SCA), a  process in which consumers validate their identity through two of three requirements: something they know (a password, security answer), something they are (biometrics), or something they have (a device). 

This brought competition to the landscape, and by ensuring that every new TPP emerging was regulated it provided consumers more choice than Sofort and giropay alone. As a result, DACH now has more key players offering account-to-account payments – including Volt.

SEPA Instant and the Instant Payments Regulation

In 2017, the year after PSD2 came into force, SEPA unveiled its Instant Credit Transfer (SCT Inst), introducing standards, rules, and practices to ensure payments can be received immediately (within 10 seconds to be precise). In Q1 2024 over 17% of credit transfers were instant and, according to the Registers of Participants in SEPA, as of July 2024 Germany has the highest number in Europe – over 1,200 – offering SEPA Instant payments, with Austria coming in at over 750.

More recently, in 2023, the European Parliament agreed to adopt the Instant Payments Regulation (IPR) as an update to ensure SCT Inst adoption is mandatory. Timelines have been established for banks and payment service providers in the EU to offer payments within 10 seconds, 24/7, 365 days a year across the SEPA. 

Instant payments via the Swiss Interbank Clearing platform

As a non-EU country, Switzerland is more market-led than regulatory. Given this, open banking isn’t a known concept in the country given that PSD2, which requires banks to open up their data to third parties, isn’t mandatory. Switzerland is, however, one of the four European Free Trade Association members of SEPA. 

SEPA SCT Inst isn’t available, but there is a demand for real-time A2A capabilities. Currently there is TWINT, a mobile payment app owned by several Swiss banks, enabling instant payments from users’ bank accounts or cards. It can be used in person and online, with 590 million transactions – mostly in-person payments – processed on the app in 2023.

But there is another real-time option on the way. Soon, the Swiss Infrastructure and Exchange (SIX) group will launch its Swiss Interbank Clearing (SIC) 5 platform for small-value instant payments, starting with larger banks from August 2024 and covering all consumer-facing banks by 2026. Despite being slightly later to the game than SEPA, these payments will follow the same protocols and messaging standards applied to SCT Inst payments, and will also settle in seconds. This will hopefully only increase the number of instant payments in the country, with GlobalData forecasting the value of these payments to reach almost $90.5 million by 2028.

The SEPA SPAA initiative 

Another initiative supporting payments across the Single European Payments Area is the SEPA Payment Account Access Scheme (SPAA). A voluntary programme in which members apply to join, its purpose is to set standards, rules and best practices around ‘value-added’ premium services offered to asset holders (consumers) by asset brokers (TPPs). 

Its first rulebook was published in 2022, but an updated version came into effect in November 2023 which includes dynamic recurring payments (DRPs, the equivalent of the UK’s variable recurring payments). Real-time payments are  on the rise in Germany, and are expected to make up approximately 5% of all payments by 2028, so the new capabilities that come with SPAA are bound to accelerate adoption by further improving the customer experience. 

This may also see a rise in open banking payments in Switzerland. While adoption is lower in this market, Mastercard found that 59% of consumers would like to pay directly from their bank account without having to input details, and 49% would change banks to access at least one open banking service.

Next up: PSD3 and PSR

In June 2023, the European Commission announced the next revisement of PSD, with the arrival of PSD3 going hand in hand with a Payment Services Regulation (PSR). Together these will replace PSD2 and continue to improve the functionalities of open banking, while combatting fraud and improving consumer rights thanks to elevated SCA regulations. 

It’s expected the final version of PSD3 will become accessible towards the end of 2024, but with a transition period of around a year and a half it will likely come into effect with PSR in 2026.

There’s untapped potential for DACH payments

Open banking and real-time payments show no signs of slowing down, both in DACH and on a global scale. Though despite advancements like PSD3 on the horizon, the DACH region remains divided – with Germany and Austria adhering to the EU regulations, while their neighbour Switzerland works on its own domestic scheme. 

This makes it difficult for merchants to find consistency across the markets, given their nuances and varying adoption of SEPA SCT Inst, which begs the question: what if there was a single pan-European A2A payment method, based on pan-European legislation, available across the entire continent?

At Volt, we harmonise real-time and instant payment systems around the world, from SEPA Instant to Pix in Brazil, giving merchants the ability to expand into new markets seamlessly, while offering customers a consistent account-to-account payment experience. There is huge potential for a third party such as ourselves to pave the way in challenging domestic schemes, and we eagerly await future developments in this area.