Definition: The Revised Payment Services Directive (PSD2), Directive (EU) 2015/2366, replaced the first Payment Services Directive (PSD), Directive 2007/64/EC, which was adopted in 2007. PSD2 is an EU Directive, administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA).
Revised Payment Services Directive (PSD2) explained
The first Payment Service Providers Directive (PSD), introduced in 2007, aimed to promote innovation, competition, and efficiency in the European Union by contributing to the development of a single payment market.
In 2013, the European Commission proposed an amendment to advance these objectives. The amendment aims to improve consumer protection, increase competition and innovation in the payments market, and strengthen security, all of which are expected to facilitate the development of new payment methods and e-commerce.
The Payment Services Directive Two (PSD2) is a European regulation for electronic payment services, aimed at ensuring that all payment service providers active in the EU are subject to supervision and appropriate rules.
Over the last 15 years, almost all new regulations have aimed to tighten the banking industry's business and operating model. However, PSD2 mandates that banks open up their payment infrastructure and customer data assets to third parties who can then develop payment and information services for customers.
Other significant changes brought about by PSD2 can be categorized into four themes which may at times overlap: market efficiency and integration, consumer protection, competition and choice, and security. The following are some more specific changes:
- Extension of scope to all currencies and one-leg payment transactions
- Modifications to the scope of the exclusions
- Passporting, authorisation rules and supervision of payment institutions
- Consumer protection
- New providers and new payment services
- Management of operational and security risks, as well as incident reporting
- Strong customer authentication and secure communication requirements
These rules aim to improve customer authentication processes while also introducing new regulation around third-party involvement.
PSD2 not only establishes a new, common set of payment standards, but it also requires payment services to implement "strong customer authentication" and expands the regulatory net to include services that have access to a person's bank account but are not the account service provider.
The modifications are being made to reflect advancements in payment technology as well as to address existing security, data, and fraud concerns.
PSD2 is therefore not only a technical and regulatory challenge, but also a strategic and operational one. A clear strategy, operational and infrastructure change, a clear focus on assessing and managing risks, and meticulous execution are all required to meet this challenge.