The Revised Payment Services Directive — more commonly known as PSD2 or The Second Payment Services Directive — is a regulation introduced by the European Union (EU) to modernize payment services, protect consumers, and encourage innovation.
It replaced the directive adopted in 2007, which aimed to create a single payment market in the EU and provided the legal framework for a Single Euro Payments Area (SEPA).
Although the revised Payment Services Directive has been in effect since January 2018, let’s dive deeper into the nitty-gritty of The Payment Services Directive 2.
PSD2 Goals
As mentioned above, the EU created this set of rules and standards to regulate payment services.
The purpose of the second directive is to make electronic payments safer, encourage healthy competition in the payment industry, and protect consumers.
Its main goals include:
- Enhancing Security: The PSD2 focuses on making electronic payments more secure by introducing Strong Customer Authentication (SCA) based on the use of two or more authentication factors to validate a customer’s identity. This multifaceted approach helps to reduce the risk of fraud and unauthorized access to payment accounts. By boosting security, PSD2 aims to give customers peace of mind when making online payments.
- Protecting Consumers: Consumer protection is a vital aspect of PSD2. This directive ensures that consumers receive clear and transparent information about their payment transactions, fees, and exchange rates. It also establishes streamlined processes for handling complaints and disputes, providing consumers with reassurance and confidence when making electronic payments.
- Encouraging Competition: By allowing authorized third-party providers to access customer account information with their consent, this directive aims to create a more competitive payment industry environment. This fosters innovation and enables new players to enter the market. The revised directive also promotes open banking, meaning banks can share customer data with authorized providers. This helps encourage the creation of innovative financial products and services.
By striving to achieve these objectives, it paves the way for exciting innovation in the payments industry, fosters fair competition, and builds consumer trust and confidence.
While PSD2 applies to the European Union and its member states, businesses outside the EU may also need to comply with similar regulations if they serve EU customers or collaborate with EU payment service providers.
In addition, certain regions outside of Europe may adopt similar regulations inspired by PSD2 to enhance payment security and promote competition.
PSD2 Key Roles and Responsibilities in the Payment Ecosystem
As a comprehensive regulatory framework, the directive brings together various parties that play distinct roles in the payment ecosystem.
Each of these parties has specific responsibilities and contribute to the smooth implementation of PSD2 and its objectives.
- Payment Service Users (PSUs): PSUs refer to individuals or businesses that use payment services. They are the end customers who make payments and benefit from the improved security and enhanced services brought about by The Revised Payment Services Directive.
- Payment Service Providers (PSPs): PSPs include banks, payment institutions, and e-money institutions offering end customers payment services. They are responsible for facilitating payment transactions and ensuring compliance with PSD2 requirements.
- Account Servicing Payment Service Providers (ASPSPs): ASPSPs are banks or financial institutions that hold the customer’s payment accounts. They provide access to account information, execute payment transactions, and comply with the revised directive regulations.
- Third-Party Providers (TPPs): TPPs are authorized entities offering payment services or account information access. They can be Account Information Service Providers (AISPs), Payment Initiation Service Providers (PISPs), or Card-Based Payment Instrument Issuers (CBPIIs).
TPPs play a crucial role in fostering competition and innovation by accessing customer accounts with their consent and providing value-added services.
- National Competent Authorities (NCAs): NCAs are regulatory bodies designated by each EU member state. They supervise and enforce PSD2 compliance, ensuring all parties follow the regulations and protect consumers.
All these parties collaborate to implement PSD2, making payments safer, more competitive, and more user-friendly.
What Does Compliance With PSD2 Involve?
- Strong Customer Authentication (SCA): It is a vital component of the revised Payment Services Directive, ensuring that consumers verify their identity when sharing payment information with third-party providers (TPPs) and other financial institutions. SCA requires multi-factor authentication for accessing online accounts, authorizing payments, or involving third parties in service provision. And it is the responsibility of payment service providers to ensure that transactions meet the criteria of at least two-factor authentication. Therefore, for transactions conducted in the European Economic Area, 3D Secure 2 protocol is obligatory.
- Access to Account (XS2A): PSD2 allows authorized third-party providers to access payment account information with the customer’s consent. In other words, banks and payment institutions must enable access to account information for authorized third-party providers, thus fostering competition and innovation. Since the revised directive is to achieve common goals that benefit consumers and businesses, both banks and payment processors must adhere to PSD2 regulatory requirements and guidelines.
- Liability and Fraud Protection: The directive establishes guidelines for liability in case of unauthorized transactions and emphasizes the need for robust fraud prevention measures. Adequate prevention mechanisms must be in place to protect consumers and minimize the risk of unauthorized transactions.
PSD2 From the Merchant’s Perspective
Merchants operating within the European Union (EU) or providing services to EU customers must be PSD2 compliant.
What does it mean exactly? In short, they must ensure the security of electronic payments and consumer rights protection.
On the other hand, they benefit from new opportunities in the evolving payment landscape, such as open banking and innovative payment services.
In general, the advantages that The Second Payment Services Directive brings for merchants include:
- Improved Customer Experience: With PSD2, merchants can offer streamlined and user-friendly payment experiences, reducing cart abandonment rates and enhancing customer satisfaction.
- Access to New Markets: PSD2 facilitates cross-border payment services within the EU, allowing merchants to expand their customer base and tap into new market opportunities.
- Increased Payment Security: Implementing strong security measures, including multi-factor authentication, provides an additional layer of protection against fraud, reducing the financial risks associated with fraudulent transactions.
- Innovation and Collaboration: PSD2 encourages collaboration between merchants and third-party providers, stimulating the development of innovative payment solutions and services.
To fully understand the obligations resulting from PSD2 and its benefits, merchants must familiarize themselves with the specific PSD2 requirements applicable to their business.
From their perspective, the most effective approach is to work with a PSD2-compliant payment processor willing to take on all the compliance-related burden on its shoulders.
Shaping the Future of Payments and Security
Without a doubt, PSD2 is revolutionizing the payment landscape by introducing new requirements that enhance security, foster competition, and empower consumers. Compliance with PSD2 enables merchants to offer improved payment experiences, tap into new markets, and build customer trust.
While PSD2 is specific to the EU, its influence extends beyond Europe, inspiring the development of similar regulations worldwide.
As the digital payment ecosystem continues to evolve, embracing the principles of PSD2 can position businesses at the forefront of innovation and ensure they meet consumers’ growing expectations regarding security, convenience, and choice.