Find out the essentials of PSD2, including the origins and the proposed regulatory standards.
The Revised Payment Services Directive (PSD2) is a European directive that will change banking and payments as we know it.
PSD2 is something that all businesses dealing with payments in Europe need to be aware of.
Now, the deadline is fast approaching for businesses to take action, before regulations come into effect in early 2018.
So, now is the perfect time to explore the essentials of PSD2, how it may change the payment landscape, and give you insights into this much talked about topic.
This is the first installment of a series of articles on PSD2. In future posts, we'll explore PSD2's impact on marketplaces, fraud and authentication, and dive into the future of Euro Payments.
So let’s get the basics down first.
The Payment Services Directive origins
In 2007, the Payment Services Directive (PSD) was proposed, with the goal to create a single market for payments in the EU.
It simplified payment processing, and created the rules and regulations for payment services in the EU. This opened up the gates for new payment service providers to arrive - one being Adyen.
PSD provided legal foundations for Europe’s bank payments infrastructure (Single Euro Payments Area), powered by IBANs and Direct Debits.
The PSD provides the legal framework within which all payment service providers must operate.
The PSD came into force in 2009 and continues to regulate electronic and non-cash payments across the European Economic Area. This area includes the European Union, Iceland, Norway, and Liechtenstein.
The regulations bring great benefits to the European economy. This includes quicker payments throughout the EU, more transparency and information for consumers, strengthened refund rights, and more.
In 2013, the European Commission published a proposal for the revised version of the Payment Services Directive, known as PSD2.
PSD2's goal is to ensure consumer protection across all payment types and create a more open, competitive payments landscape across Europe.
The second PSD was approved in 2015 and Member States have until January 13th 2018 to implement into national law.
What PSD2 does
Merchants, Payment Service Providers, and nonbank payment institutions longed for access to the most precious asset that banks have: the bank account.
The request for access came on the grounds that data and accounts are owned by the shopper, rather than the bank.
The European Commission decided that the second payment services should open the door for non-bank financial institutions to access banks’ data and bank accounts.
Essentially, every regulated institution will have access to everyone else’s bank account; provided that the owner (the consumer) of the bank account grants permission for the specific action to be performed. This could be an action such as retrieving bank statement information or performing a payment.
Did you know? Adyen is fully compliant, and PSD2 ready.
The result is an ecosystem of new and existing solution providers. New payment methods, investment advice platforms, and money management products may be developed within this ecosystem.
With opportunity comes responsibility. So the tradeoff will be strict guidelines on how new providers get permission from consumers to access their accounts.
With all payment transactions across EU countries being regulated through PSD2, all payment service providers must be ready to comply.
PSD2’s key changes
PSD2 law allows for the creation of Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).
PISPs will be able to initiate SEPA Credit Transfers. Unlike Direct Debits, the transfers will be final, they won’t allow chargebacks and transactions will be quicker.
AISPs will be able to create many types of value-adding services for merchants, leveraging the data in their many banks accounts. This could be anything from verification purposes, investment and savings advice, to simple money management.
Requirements around surcharging will change too. For example, companies such as event organizers and airlines will not be allowed to charge an additional card fee on top of the transaction value.
To better protect customers when paying online, PSD2 requires more security and mandates Strong Customer Authentication (SCA), also called two-factor authentication.
This can be seen as a negative side-effect of security as the break in the checkout process can lead to cart abandonment.
However there are ways to improve your SCA, without you having to lift a finger.
PSD2's next steps
Member states have two years, ending in January 2018 to implement the changes into their national laws.
At the same time, the Regulatory Technical Standards (RTS) that provide further details on certain directive aspects are still being discussed.
In June 2017, the European Banking Authority responded to the European Commission with a final draft of the Regulatory Technical Standards on Strong Customer Authentication and common and secure communication under PSD2.
With all the information released, it looks like PSD2 will be finalized by the end of 2017. As well as SCA coming into effect in Spring 2019.
As a fully regulated PSD2-ready payment provider, we’re here to guide you through the changes, and provide seamless services throughout the disruption.
We hope you enjoyed reading and gained more information about the essential PSD2 changes. In the next article we’ll explore the impact on the marketplace business model.
Did you enjoy this article?
Stay up to date with the latest payment news, including regulation by signing up to the newsletter.