PSD2 is an European Union directive designed to regulate access to bank data, enhance security measures, encourage innovation, and boost market competition in the financial industry across all EU countries. Supported by the European Parliament, the directive aims to protect customers by ensuring secure access to their payment data.
Learn how Neontri supported the creation of a PSD2 hub that made the smooth implementation of this payment services directive possible for 300 Polish banks, enabling them to stay compliant with regulatory technical standards.
Objectives
KIR, our client and a key part of the Polish payment system infrastructure, approached Neontri with a clear objective: to streamline the process of implementing PSD2 for Polish banks. This involved ensuring regulatory compliance, meeting all security requirements, and simplifying the overall process.
Expectations
PSD2 presented a significant challenge for many banks, particularly smaller third-party payment providers (TPPs). KIR wanted to establish a system that would:
- ensure compliance with PSD2 regulations set by the European Banking Authority;
- increase security through a centralized hub utilizing strong customer authentication and secure communication protocols;
- minimize development time and costs for individual financial institutions by building the necessary infrastructure.
By establishing a standardized open banking hub, KIR also aimed to foster a more open and competitive financial ecosystem in Poland. The hub would give TPPs access to customer account data through the Polish API, allowing them to develop innovative digital payments products and online banking services. However, access to this data would be granted only with the customer’s consent, as required by PSD2.
Outcomes
Neontri developed a comprehensive solution—the PSD2 hub—that enables a secure and seamless exchange of financial data between TPPs and banks. The hub consists of three key components:
1. The Developer’s Portal registers external third-party providers, generates test data, and downloads the PSD2 API specification provided by a given bank.
2. The Sandbox is a solution designed for setting up test environments. It allows TPPs to integrate their systems with banks’ systems without involving the banks directly. This saves time and money by eliminating the need for individual test environments.
3. The Gateway API manages access to a bank’s API, verifies certificates, and makes it possible to add in more value-added services, such as anti-fraud mechanisms, in the coming future.
Poland stands out as one of the few countries, if not the only one, where banks have collaborated to create a hub for smoother PSD2 implementation. This national critical infrastructure, overseen by KIR, seamlessly connects 300 banks.
Challenges
There were a few significant challenges we came across. First of all, this directive had to be implemented on a very short notice. This meant limited development time and working on the solution without a clear picture of how each bank would integrate it. There were also many potential changes that could happen throughout the development process. Despite all of this, Neontri decided to get on with this project.
Since the banking industry is heavily regulated, there were strict deadlines to meet. Failing to do so would put banks at risk of non-compliant transactions and regulatory penalties. That’s why meeting those deadlines was crucial. The urgency was particularly high, as all financial institutions offering API solutions needed them functional for external testing by March 14, 2019. Full compliance with PSD2’s Regulatory Technical Standard was mandatory for all countries in the European Economic Area by September 14, 2019.
Another challenge was the diverse bank interfaces. So, even with Polish API, maintaining compatibility across banks with potentially unique interface implementations required ongoing effort. Moreover, adapting the hub to accommodate future updates from fintech companies and online payments providers posed an additional challenge.
Cooperation
It was a fixed-price project, which is not always the preferred approach for companies. However, Neontri took end-to-end responsibility for development, implementation, and ongoing support, maintaining close collaboration with KIR throughout the project lifecycle.
Working in an environment with 300 stakeholders is far from being easy. The more people involved, the more diverse the visions can be. The whole responsibility to sort it out fell on Neontri, and we had to put in a lot more effort than expected to make everything work as it should. Yet, we delivered what was planned and we did it well.
The team itself was dynamic, scaling to meet the project’s needs. At its core, we had a team of architects, testers, analysts, designers, managers, and 10-12 developers. This core group changed as the project progressed, making sure we had the right expertise at the right time to address challenges such as multi-factor authentication and adapt to emerging new technologies. The entire project spanned 18 months and required a total of around 24,000 hours.
Technology
The project leveraged a robust technology stack to ensure functionality, scalability, and security. The developer portal utilized Java and Spring Boot for backend development, coupled with Oracle for data storage. JBoss EAP provided a reliable application server foundation, and Active Directory facilitated secure user authentication.
For the web interface, we relied on it known for its clean structure and performance. Finally, Ansible streamlined infrastructure management, and Docker containers ensured a scalable and portable environment. The architecture emphasized risk management and consumer protection throughout its design.
Results
The PSD2 hub, the result of the cooperation between KIR and Neontri, was launched in 2019. It successfully integrated hundreds of banks with a number of third-party payment providers half a year before PSD2 came into force. Moreover, the entire infrastructure, set up and governed by KIR, aided third-party payment providers and banks in building competitive and innovative digital solutions for electronic payments and card payments.
The project expanded KIR’s portfolio of modern banking services offered by the company to the banking sector. The satisfactory results of this collaboration strengthen KIR’s position as a trusted technological shared services hub and a forward-thinking provider of innovative solutions.
Testimonial
“KIR combines the roles of a technological hub and a clearing house that processes a vast majority of transfers in Poland. Utilizing the latest technologies, ie. blockchain, machine learning, and AI, we offer services that enable secure and responsible digitization of commercial entities and public administration. Due to the company profile, KIR cooperates exclusively with proven and trusted partners. Neontri demonstrated the appropriate technical competencies and a thorough understanding of our business needs.”
Robert Trętowski, Vice President, KIR
You might be interested in:
