Security for Cashless Payments

Exploring the Impact of PSD2 on European Payments: A Comprehensive Overview

PSD2 (Revised Payment Service Directive) has resulted in significant changes to the European electronic payments landscape. It aims to make payments in Europe more secure while boosting innovation, introducing new technologies, and increasing competition in the payment industry.

In this comprehensive exploration, we delve into the various facets of PSD2 and its implications for the European payments landscape. From understanding the key provisions of the directive to exploring the role of emerging technologies such as 3D Secure (3DS) and Open Banking, we aim to provide readers with a clear understanding of the opportunities and challenges presented by PSD2.

What is PSD2? Empowering Consumers and Driving Innovation

PSD2 standardizes and oversees two categories of services that were already present when the initial PSD was introduced in 2007 but have gained prominence in recent times: Payment Initiation Services (PIS) and Account Information Services (AIS). Account Information Services (AIS) encompass gathering and consolidating data from various bank accounts belonging to a customer into one centralized location. This enables customers to access a comprehensive overview of their financial status, facilitating effortless analysis of their spending patterns and financial requirements.

PSD2 opens the door to a new era of innovation and competition in the financial industry, empowering consumers with greater control over their financial data and fostering the development of innovative payment solutions and services.

Payment Initiation Services (PIS), provided by third-party entities, enable the use of online banking for making online payments. These services facilitate the initiation of payments from the consumer's account to the merchant's account by establishing a seamless interface between both parties. They streamline the process by inputting the necessary information for the bank transfer and notifying the merchant of the transaction. PSD2 also permits clients to initiate payments to third parties from a bank's application using any of the client's accounts, regardless of their affiliation with that particular entity. Account Information Services (AIS), for their part, aggregate data from multiple bank accounts, providing users with a comprehensive overview of their financial status.

For this purpose, PSD2 mandates that banks need to provide access to customer account data to third-party providers (TPPs) through APIs (Application Programming Interfaces). This has led to the emergence of various payment solutions and services.

The changes have been implemented to incorporate advancements in payment technology and to tackle existing security, data, and fraud issues effectively.

PSD2 Impact: Security, E-commerce, & Open Banking

PSD2 regulations have revolutionized the financial sector, introducing enhanced security measures, redefining e-commerce strategies, and fostering innovation in Open Banking:

Security Enhancements: Strong Customer Authentication (SCA) and PSD2

PSD2 establishes stringent security protocols for electronic payments and safeguarding consumers' financial information. Payment service providers must implement robust customer authentication measures to authenticate and process electronic payments effectively.

One of the most significant aspects of PSD2 is the implementation of Strong Customer Authentication (SCA), which mandates the use of two or more authentication factors for banking operations, a requirement that was not mandatory before. This ensures heightened security and reduces the risk of fraud, thereby enhancing consumer confidence in digital payments.

SCA applies to various activities such as payments and accessing accounts online or through applications. Additionally, PSD2 introduces a more stringent criterion for what qualifies as an authentication factor.

Since the introduction of PSD2, customers have experienced alterations in the authorization process, particularly regarding the authentication methods they employ. This has resulted in a default reinforcement of security levels, necessitating more robust authentication factors. Notably, traditional written card information such as the card number, expiration date, and CVV will cease to serve as valid authentication factors. Instead, authentication factors must include elements of knowledge, possession, and inherence, such as passwords, authentication codes, or biometric data.

Impact on E-commerce: The Role of 3D Secure (3DS)

In compliance with Strong Customer Authentication (SCA), all e-commerce transactions in EMEA must adopt multi-factor authentication (MFA) to enhance the security of digital payments and ensure a safer payment experience for consumers. One of these MFA methods is 3D Secure (3DS) - a security protocol that requires customers to complete an additional authentication step before completing an online card payment, thereby reducing the risk of unauthorized transactions. 3D refers to “three domains”, the card issuer, the merchant, and the infrastructure that mediates between the consumer and the merchant.

In Europe, 3DS is required by the Strong Customer Authentication (SCA) regulation for all card payments, though it is optional in other regions.

Customer authentication is considered to be strong if it is based on the use of two or more of the following elements: 

  • knowledge (something only the user knows, e.g. a password or a PIN),
  • possession (something only the user possesses, e.g. the card or an authentication code generating device),
  • inherence (something the user is, e.g. the use of a fingerprint or voice recognition).

These elements are independent (the breach of one element does not compromise the reliability of the others) and designed in such a way as to protect the confidentiality of the authentication data.

Open Banking and PSD2: Driving Innovation and Collaboration

Open Banking and PSD2 are related concepts that are often used interchangeably, but they refer to different aspects of the financial industry, particularly in the European context.

  • PSD2 (Revised Payment Service Directive) is a regulatory framework introduced by the European Union to standardize and regulate payment services within the European Economic Area (EEA). It mandates banks to provide access to customer account data to third-party providers (TPPs) through APIs (Application Programming Interfaces), facilitating the development of new payment services and fostering competition and innovation in the banking sector. PSD2 also introduces Strong Customer Authentication (SCA) requirements to enhance security for electronic payments.
  • Open Banking is a broader concept that encompasses the idea of opening up banks' data and infrastructure to third-party developers, enabling them to build new financial products and services. While PSD2 is a specific regulatory directive, Open Banking is a broader movement aimed at fostering innovation and collaboration within the financial industry and can be implemented voluntarily by banks in various jurisdictions worldwide. Open Banking initiatives may include API development, data sharing agreements, and collaboration with fintech companies to provide enhanced financial services beyond what traditional banks offer.

    Open Banking initiatives encourage banks to open up their data and infrastructure to third-party developers, enabling the creation of new financial products and services beyond traditional banking offerings.

Conclusion

PSD2 has undoubtedly reshaped the European payments landscape, ushering in a new era of innovation, security, and consumer empowerment. By embracing the principles of PSD2 and Open Banking, financial institutions and merchants alike can capitalize on new opportunities, enhance customer experiences, and drive continued growth and innovation within the payment industry.
