Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

UK regulator considers opening up access to data from payment systems

The business chosen to provide the central infrastructure behind new payments architecture in the UK could be required to give companies active in the payments market access to the "global transaction datasets" it will hold, according to plans under consideration by a UK regulator.02 Jul 2018

The Payment Systems Regulator (PSR) confirmed that the option could be pursued in a new discussion paper it has published on data in the payments industry.

The new payments architecture (NPA) reforms promise an overhaul of the infrastructure currently used to support some of the UK's major payment systems, through which trillions of pounds' worth of payments are processed.

Work on the reforms is at an early stage, and to-date no business has been selected to provide the new infrastructure that is to be developed, however it has been tipped as delivering "the next big innovation in payments". The new digital infrastructure is envisaged to support a future of real-time, 24/7 transactions as well as innovation, including 'push payments'.

The new infrastructure, coupled with the adoption of common, international messaging standards, is also expected to support the provision of more information alongside details of transactions to help consumers and business better understand what a payment relates to and to reconcile those transactions more easily, as well as have increased confidence that the payments they are about to make or have made are received by the correct recipients.

While individual payment service providers (PSPs) will have access to the transaction data they generate from the services they provide; only the New Payment System Operator (NPSO) and the central infrastructure provider will have access to all the datasets from the companies that use the payments systems underpinned by the NPA, the PSR said.

The regulator said that restrictions on access to transaction data could "make it difficult for third parties to enter the market and compete to provide overlay services that rely on that data". It said it is considering options to relieve those restrictions and promote competition and innovation in the market – the PSR is tasked with promoting effective competition and innovation in payment systems and ensuring that those systems are operated and developed in the interests of business and consumer users of those systems.

"We are considering if and how such potential restrictions in the access to global transaction datasets may create risks to our objective of promoting competition and innovation in the interests of service users," the PSR said. "Where such risks exist, we are considering options so that access to global data is not unduly or unnecessarily restricted."

"One option we are considering is placing a requirement on the NPSO to consider how the central infrastructure provider for the NPA can facilitate the safe and efficient sharing of global payments data with service providers using secure open access APIs. This could be similar in principle to the data sharing requirements of PSD2 and open banking. This could be achieved by including open access API requirements in the procurement requirements for the NPA’s central component," it said.

Angus McFadyen, an expert in payments and technology law at Pinsent Masons, the law firm behind Out-Law.com, said: "There are some serious issues to grapple with here - we are dealing with data sets with many contributors and data involving large proportions of the UK population. If there is a view to pushing ahead with opening up the central data sets held by payment system operators and their infrastructure providers, it’ll be interesting to see how the public good is evaluated against the risk of damaging consumer confidence - we saw many examples of poor messaging around the introduction of PSD2 - and other issues such as potentially increased potential for sophisticated fraud." 

"The costs of opening up these data sets would also be significant - many tens of millions would be invested into making it happen, and whether many organisations would be sophisticated or tooled up enough to interrogate such complex data sets is another question," he said.

In its paper, the PSR also said that consumers' reluctance to share their data with third parties to provide "overlay services" is a further potential barrier to competition and innovation.

It suggested that a major education and awareness programme could be mandated in a bid to build consumer trust in data sharing.

"End user reluctance to provide access to their data due to lack of trust, data protection concerns or aversion to technology could potentially restrict demand for new overlay services, negatively affecting competition," the PSR said. "We consider that there is potentially a range of actions that could be pursued to address this reluctance."

"One solution could be campaigns to educate consumers about how their data will be used, including the regulations and initiatives that are in place to protect them. This could help end users make informed decisions about data sharing and consent. Campaigns could be launched by individual PSPs, or might be organised centrally, through an industry body such as UK Finance or through the NPSO, or by public authorities (such as the Money Advice Service). Any consumer education campaigns could be run alongside, or be incorporated into, existing industry initiatives promoting the benefits of open banking and PSD2," it said.

According to the PSR, 'payments data' encompasses "a mix of financial, transactional, behavioural and other types of data, which PSPs and other entities collect in the process of providing payment services to end users", including data that is "actively provided by the end-user and … passively obtained".

The PSR is seeking views of stakeholders on the topics addressed in its paper. The deadline for submissions is 3 September.