Bringing in PSD2 will result in a fundamental shift in Europe’s payment legislation. This will revolutionize the entire financial industry, impacting everything from how we pay online to what information we see when making a payment, all so customers can easily access banking services.
But because adapting to the new requirements would require a lot of work and investment in the industry, the date when PSD2 was supposed to go into effect is constantly changing.
First, the directive was supposed to take effect in January 2016. Then, it became fully effective on 14 September 2019 for all countries in the European Union. However, due to delays in implementation, the European Banking Authority granted an extension until 31 December 2020. Meanwhile, in the UK, the new deadline will be 14 March 2022, set by the Financial Conduct Authority.
What is PSD2, and why it took so long to implement it? And most importantly, what does it mean for customers and Fintech companies?
What is PSD2, and what does it stand for?
PSD2 (Payment Services Directive 2) is the EU’s attempt to both encourage innovation in the financial industry, make the online experience smoother for the customers and also curb the online fraud attempts at the same time. As part of the initiative, PSD2 aims to create more innovative ways of making online and mobile payments, improve payment security and also give the consumers control over who and how uses their personal data.
What’s equally important is that directive will level the playing field for all payment providers in Europe (including Fintech companies and new companies), aiming to create a more integrated, safer, and efficient European payment market. That will give consumers from all European countries far more options when it comes to retail payments, as well as far more knowledge and control over the payment services that have access to their data.
What are the key points of PSD2?
The main areas PSD2 will affect are customer authentication, data security, and third-party access to consumer accounts. First of all, this new regulation will require all online transactions to be verified with multi-factor authentication (MFA). The authentication elements should also be independent so that in case of a security breach, the other verification method will still be reliable.
But to make it simpler for online banking consumers, the Regulatory Technical Specification (RTS) directive identifies several situations in which PSPs (Payment Service Providers) are not required to perform strong customer authentication – such as low-value payments, repetitive transactions, or transactions to trusted users.
Furthermore, PSD2 also established a set of standardized regulations for banking services, such as the Strong Customer Authentication (SCA) regulations and Common and Secure Communication (CSC). To conduct payments within the EU, all financial institutions and payment service providers must comply with new legislation. The legislation is also meant to encourage financial institutions as well as Fintech companies to include new methods of customer verification in their business – such as voice and fingerprint biometrics.
The other key change is that PSD2 will allow third-party companies to access the customer’s bank data, as long as they have the customer’s permission. Until now, consumers’ financial information and data have been held by the banks and them only. PSD2 meanwhile handles the control over the data back to consumers.
The “Payment account information services” will enable customers to check their bank account status online – and if they have multiple bank accounts, they can view all of them in one place. This will help customers manage their accounts more easily and make internet and mobile payments easier. It will also help customers make better comparisons when shopping.
What is Open Banking?
PSD2 will also promote the use of Open Banking in Europe. What is it?
Open banking is a practice that allows third-party payment providers and other financial institutions to get secure access to customers’ banking transactions and other data from banks and financial institutions. Third parties can access the data via application programming interfaces or APIs. Open banking is becoming increasingly popular as people start to demand faster and easier payments method.
As Open Banking enables faster, more secure transactions across borders and gives consumers the option to manage their finances through third parties, this gives them more choices and better service but also faster transactions than ever before.
How does it work in practice? Let’s take eBay, for example. Whenever you make a purchase there, you are redirected to a payment service (Paypal, Visa, or your local banking service), where you first have to log in and confirm the payment before your purchase can be accepted.
With open banking meanwhile, you could use Amazon or Paypal to send money or gifts securely to friends with a simple click or swipe. As long as you gave permission to those companies to access your banking data, you could just click on the “Buy now” button or “Send money to…” and let Amazon and Paypal handle the rest. In fact, you could even ask your virtual assistant like Siri or Alexa to handle the transactions for you – simply by asking Alexa to pay your regular phone bills or send money to a friend.
Having access to your bank account information might also enable you to take advantage of new, targeted financial services that improve your control over your data. For example, many of us have accounts at multiple banks or brokerage firms. Using Open Banking, you can combine all of your account information into a single dashboard that shows all of your money in one place. By doing so, you could have a better idea of where you stand financially before making any significant financial decisions and manage your finances more effectively.
What are the vital PSD2 benefits for consumers and businesses?
All this talk about regulations, security procedures and requirements might sound pretty complicated. Especially since it wasn’t that easy for financial institutions to implement the regulations. Plenty of them had to change how their whole infrastructure worked to add the necessary security measurements. In addition, most brands feared that adding verification steps to their current SCA would upset their customers since it would require more effort on their part as well as be costly and time-consuming for them.
As banks are now also responsible for mitigating fraud risk, they also needed to invest in advanced fraud prevention measures such as advanced analytics (to validate the origin of inbound API calls), customer authentication technology, and tools to detect fraud attacks.
And there were dozens of technical issues companies had to tackle while preparing for API integrations as well.
But in exchange, PSD2 can also bring multiple benefits both to customers, banking institutions, and Fintech companies.
For customers, it will make accessing banking services (even those in different countries) far easier. For example, let’s say you moved to France from the UK and want to open an account in one of their banks and take a loan. But the bank doesn’t know anything about your financial history or credit score, so you are (most likely) declined.
How would PSD2 change the situation? The bank where you want to open an account would just need to ask for your permission to access your financial data, and then it would be able to review your entire financial history from the last few years. That way, they would have enough information to decide can they give you a loan and how much they can offer you based on your credit score.
But that’s just the start of the benefits PSD2 can hold for the consumers:
- As it introduces strong security requirements for electronic payments and financial data protection, it can help to lower the number of fraud or security breaches cases.
- Under the new regulation, all third-party payment providers will be allowed to initiate payments for their customers or give them an overview of their accounts and balances.
- The new directive increases consumers’ rights in multiple areas, from allowing them to choose who has access to their financial data to reducing consumers’ liability for unauthorized payments.
- Surcharges (additional charges for payments and money transfers) are now forbidden.
- All member states of the European Union are obliged to designate competent authorities to handle complaints from payment service users and other interested parties who feel that their rights are being violated. Payment service providers must also respond to complaints in writing within 15 business days.
But for the banking industry and Fintech companies, the new European directive can be a massive opportunity as well. While many traditional institutions see it as a threat to their position (since it allows new companies or FinTech businesses to compete with them), the vast amounts of data they have now and to which they can get access might give them an advantage.
For example, they can use their data to tailor their service and offers to each customer, boosting the trust customers have in them. Partnering with third-party companies may also be profitable for the banks. As an example, they could ask Fintech companies to create innovative products for them that will improve the customer experience while also allowing them to maintain their position as trusted advisors. Meanwhile, for Fintech companies, that would be a fantastic opportunity to expand their offering into new markets and collaborate with banks to develop new products.
Using new technologies such as voice biometrics or payments, financial institutions could also gain a considerable advantage, as they would not only make banking services more convenient for regular users but much safer as well.
In an age when a friction-free customer experience is more important than a low price, partnering with other companies to boost customer experience might be just what financial institutions need to stay competitive.
Does PSD2 threaten the banking industry? Absolutely not. Businesses that take advantage of Open Banking & PSD2 can benefit consumers tremendously but also gain a lot themselves. By aggregating their financial products in one place, personalizing their offers, giving insights to their customers, or providing them with new ways to verify themselves or make payments, they might benefit from the new directive more than they anticipated.