What is PSD2, and How It Impacts The Financial Business World?
The European Union’s Payment Services Directive (PSD2) is one of the most recent payment services that came into effect in September 2018 to boost digital banking innovation while enhancing security and consumer rights.
PSD2 is an EU rule that significantly influences how banks, payment processors, and fintech companies conduct business worldwide.
This article is a walkthrough of various benefits and challenges PSD2 comes with, the key difference between PSD2 and PSD1, whom it impacts, and most importantly, what it means for your business.
Table of Contents
What is PSD2 (Payment Service Directive)?
The amended Payment Service Directive (PSD2), an upgrade to the previous PSD1, was enacted in 2007 and established a unified market for payment services in the European Union (EU).
Many additional service providers introduced new ways to make online payments soon after implementing the original PSD.
Small companies and individuals were engaging with new financial services and apps as the open banking system gained traction in the European market.
PSD2 was adopted to foster innovation and competition in the banking industry and promote innovation while protecting customers through a unified regulatory approach.
PSD2 significantly influences two crucial areas — Customer authentication and third-party access to consumer accounts.
Key Changes: What’s different from PSD1?
Avoiding fees on payments
PSD2 outlaws surcharges on card payments made by customers for online or in-store purchases.
PSD2 allows and governs consent-based access to consumer accounts. Under this law, banks that keep customer payment account information should allow third-party providers safe access to customers’ banking information after obtaining the consumers’ approval.
‘One leg out’ transactions
It refers to transactions involving a payment service provider (payer or payee) located outside of the European Union.
PSD2 will broaden the scope of one-leg-out transactions, including foreign exchange payments, and PSD1 did not cover these transactions.
Increased online payment security
PSD2 provides robust customer authentication, enhancing security and protecting consumer information. It also adds an extra layer of verification to combat online remote payment fraud.
PSD2 Timeline
PSD2 is an updated and developed version of PSD1. PSD2 has also undergone significant development since PSD got introduced in 2007. The last update was in September 2021.
Check out the full timeline here.
Who does PSD2 impact?
Banks, payment processors, and brokerages will all have to change how they engage with consumers and handle cybersecurity due to the changes PSD2 brings.
It will impact them in the following ways:
Consumers: PSD2 will allow companies such as Amazon, eBay, Etsy, etcetera to access bank account information with the consumer’s consent.
It intends to make internet buying more convenient for customers while promoting innovation.
Banks: Banks will need to deploy enhanced security controls since they are accountable for limiting fraud risk.
It includes analytics to verify the provenance of inbound API requests and sophisticated fraud and cyber-attack detection capabilities.
Brokerages: Banks and brokers would be required to make their currency exchange rates more transparent under PSD2. They won’t be able to charge some of the processing costs, either.
Benefits of PSD2
Third-Party Access through an Open API
PSD2 will make it much easier for authorised third parties to access customer data when the customer has given their explicit consent through an open API.
Clients of new services will be able to manage their finances better, whether they are corporations or individuals.
Surcharge Ban in Specific Cases
In some circumstances, businesses are not allowed to
impose fees under PSD2.
The ban on surcharging applies to both domestic and cross-border payments and B2B and B2C businesses. Essentially, it will cover 95% of all EU card payments.
Ticketing, food and travel, and delivery websites, for example, are no longer allowed to charge additional fees for using a debit or credit card to pay.
Greater Transparency with Customers
PSD2 is about ensuring transparency between financial businesses and their customers. For example, brokers will have to make the currency conversion rates more transparent in transactions with their customers.
Prompt Resolution of Complaints
The PSD2 also compels payment providers to handle complaints in a timely way, regardless of who is making them (customers or law enforcement).
Authentication with many factors
Another critical feature of PSD2 is that all payment processors and digital banking providers must implement multi-factor — or at least two-factor — authentication for user logins such as pins and passwords.
Challenges
The banks may experience fewer consumer interactions due to the API mandate in PSD2, which allows third-party services to deliver a better digital banking experience.
There are also concerns about who is responsible for failed transactions. Banking associations are concerned that TPPs will have access to customer information with no formal contracts or clear responsibilities. What if a security breach occurs?
Moreover, TPPs are concerned about undergoing multiple certifications from different countries without a standardisation approach.
Preparations for PSD2
PSD2 preparation may necessitate a few procedures and actions, depending on the type of business you run.
Put MFA into practice
MFA (multi-factor authentication) is a requirement of PSD2; you’ll want to ensure it’s integrated into all of your apps, services, and platforms.
Conduct an audit of your EU operations
Conduct an audit of your EU operations
You should assess your operations for PSD2 compliance if you have business units in the EU or receive substantial traffic from Europe.
It entails adopting MFA as described above and PSD2-compliant response methods.
Increase Your Fraud-Prevention Efforts
PSD2 security measures will likely make card-not-present fraud more difficult in Europe; if your company is in the United States, you should increase your fraud prevention filters. Ensure you have robust firewalls in place and undertake penetration testing. Fraud prevention techniques will also be applicable if you decide to get PCI Compliance.
Key Takeaways
- PSD2 will improve financial innovation and consumer protection in the EU.
- Consider working with a PSD2 compliance partner to ensure that your business has all the necessary PSD2 compliance controls, depending on the type of services you run and where your clients are from.
- PSD2 compliance, on the other hand, will allow consumers to see a more comprehensive picture of their finances, allowing them to make more informed decisions about their finances and better manage their expenses.
FAQs
What is SCA consumer protection?
The EU Revised Directive on Payment Services (PSD2) requires payment service providers in the European Economic Area to use strong customer authentication (SCA).
Multi-factor authentication is an essential requirement to make and accept electronic payments.
What is financial conduct authority?
The Financial Conduct Authority is a financial regulatory organisation in the United Kingdom that acquires its funds from financial services sector fees and works independently of the UK government.
