In the era where technology and digitization are reshaping every aspect of our lives, the financial industry is no exception. The Payment Services Directive, commonly called PSD2, emerged as a key player in today’s age. Since its inception, PSD2 has shifted the financial services industry by revolutionizing how we conduct transactions and interact with the sector.
What is PSD2?
Payment Services Directive 2 (PSD2) is a legislative framework crafted by the European Commission to regulate electronic payments and the banking landscape across Europe. The framework was designed to improve consumer protection, foster innovation and competition, and ensure legal compliance for payments within the EU. It replaced the preceding Payment Services Directive, which took effect on December 25, 2007. PSD2 came into force on September 14, 2019, with some deadlines being extended until the end of 2020 to facilitate the implementation of Strong Customer Authentication (SCA).
Who Is Impacted by the PSD2 Regulation?
PSD2 only affects countries in the EU. For example, the UK is no longer subject to PSD2 after Brexit. However, global firms may be required to maintain PSD2 compliance while dealing with European users. Although Payment Services Directive 2 was crafted mainly with consumers in mind, several players are impacted by this directive, including:
Banks Operating in the EU
Banks within the EU are forced to grant third parties access to their bank payment services. PSD2’s open banking approach is designed to promote competition, remove monopolies, and enhance transparency between banks and their clients.
The PSD2 regulation requires financial firms to share information pertaining to accounts, balances, and movements of funds with companies that have consumer-granted access. Moreover, they should facilitate payments processed by third-party service providers. To accomplish this, banks are required to deploy Payment Initiation Services (PIS) to facilitate transactions between customers’ and merchants’ accounts.
Payment Service Providers (PSPs)
PSD2 introduces crucial security requirements to reduce payment fraud. PSPs are mandated to apply SCA whenever a user conducts an e-transaction.
SCA is a type of Multi-factor Authentication (MFA) designed to link payments to the users. In the realm of online payments, there is a need for a dynamic connection between the transaction amount and the payee’s account.
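The dynamic link between the authentication and the transaction can be illustrated with a short sketch. This is an added example, not code from PSD2 or from the original article; the HMAC construction, the field layout, the nonce, the key and the account numbers are assumptions constructed for illustration.

```python
import hashlib
import hmac
from decimal import Decimal

def _canonical(amount: str, currency: str, payee_iban: str, nonce: str) -> bytes:
    """Serialize the fields the payer approved into one unambiguous byte string."""
    amt = Decimal(amount).quantize(Decimal("0.01"))
    if amt != Decimal(amount):                  # refuse to round silently
        raise ValueError("amount has more than two decimal places")
    iban = payee_iban.replace(" ", "").upper()  # ignore display spacing and case
    fields = [f"{amt:.2f}", currency.upper(), iban, nonce]
    # Length-prefix every field so bytes cannot shift across field boundaries.
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)

def auth_code(device_key: bytes, amount: str, currency: str,
              payee_iban: str, nonce: str) -> str:
    """Code produced on the payer's device after they approve amount and payee."""
    msg = _canonical(amount, currency, payee_iban, nonce)
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()

def verify(device_key: bytes, code: str, amount: str, currency: str,
           payee_iban: str, nonce: str) -> bool:
    """Bank side: recompute over the transaction that is about to be executed."""
    expected = auth_code(device_key, amount, currency, payee_iban, nonce)
    return hmac.compare_digest(expected, code)

def demo() -> dict:
    key = b"constructed-demo-key-not-a-real-secret"  # assumption: per-device secret
    nonce = "txn-0001"                               # assumption: one-time value per payment
    payee = "DE00 1234 5678 9012 3456 78"            # constructed, not a real account
    code = auth_code(key, "25.50", "EUR", payee, nonce)
    return {
        # Same payment, formatted differently: the code still verifies.
        "same_txn": verify(key, code, "25.5", "eur", "de00123456789012345678", nonce),
        # Any change to amount or payee invalidates the code.
        "changed_amount": verify(key, code, "2550.00", "EUR", payee, nonce),
        "changed_payee": verify(key, code, "25.50", "EUR",
                                "DE00 9999 9999 9999 9999 99", nonce),
        # A code issued for one payment cannot authorize another.
        "reused_code": verify(key, code, "25.50", "EUR", payee, "txn-0002"),
    }

if __name__ == "__main__":
    print(demo())
```

Because the code is computed over the amount and payee the user actually saw, a payment altered after approval fails verification on the bank side.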
It is worth noting that several types of payments are exempt from PSD2 SCA. These include low-value payments and transactions conducted by firms that can prove they have other authentication systems in place, like an effective fraud detection system.
PSD2 requires brokerages and banks to enhance transparency when it comes to calculating exchange rates. Moreover, they are banned from charging particular exchange fees.
Payment Services Directive 2 opens the door to Account Information Services Providers (AISPs) and Payment Initiation Services Providers (PISPs). These types of services enable customers to make payments to merchants directly from their accounts, serving as an alternative to credit card payments. The services were introduced to lessen the complexity of e-payments and to make them more secure.
Regarding financial services, Payment Services Directive 2 was also introduced to benefit consumers. The open banking strategy promotes competition between third-party services offering financial goods independently of the clients’ existing banks.
Since their inception, open banking and PSD2 have helped clients access more services from challenger banks and neobanks, as well as services such as mortgage applications, money management, etc.
Why Do Businesses Need to Be PSD2 Compliant?
- To harmonize the legal framework of banks in the EU
- To enhance banking security and transparency
- To create a fair and equal competitive landscape for PSPs
How to Comply With PSD2?
Fulfilling PSD2 compliance requirements will demand several actions and procedures based on the type of your company.
Begin Implementing MFA
As MFA is essential to Payment Services Directive 2, you must ensure that it’s integrated into all the services, applications, and platforms. This requirement is to be fulfilled by all merchants, processors, or online financial services.
Check Your EU Operations
It is essential to assess your operations for PSD2 compliance if you run a business in the EU or receive significant traffic from Europe. This includes implementing MFA and complaint response methods that must fulfill PSD2 requirements.
Enhance Your Anti-Fraud Efforts
Although PSD2 helps in mitigating the risk of card-not-present scams in Europe, you must brace yourself for a surge if your business operates in the US and other countries. Make sure that you establish efficient firewalls and conduct penetration testing.
Banks reject unverified payments, which increases the decline rate and decreases the conversion rate for digital firms that do not fulfill SCA requirements. Moreover, non-compliance with Payment Services Directive 2 requirements can expose banks and PSPs to heavy penalties. Thus, enhancing your anti-fraud efforts is essential to better comply with PSD2.