With the Payment Services Directive 2 (PSD2), gone are the days of worrying about how secure your online banking and ecommerce payments are.
The banking industry is constantly moving towards more open and secure payment methods to keep customer's online transactions safe.
What exactly is PSD2?
PSD2 is a directive passed by the European Union in 2015 to create a harmonised market for payment services across the EU.
It was created to increase competition, spur innovation, increase the security of electronic payments, and create a new framework for payment services.
What are the objectives of the PSD2 directive?
The implementation of PSD2 has three main objectives:
- Increase competition and innovation by allowing non-bank payment service providers (PSPs) to access the payment infrastructure and offer payment services.
- Enhance security by introducing strong customer authentication (SCA) and setting out rules on liability.
- Protect consumers by establishing rights and obligations for payment service providers, such as the right to reimbursement for unauthorised payments and the obligation to inform customers about fees.
What is open banking and how does PSD2 impact adoption in Europe?
Open banking is the sharing of financial data and the use of Application Programming Interfaces (APIs) that allows third parties to develop new financial products and services.
The implementation of PSD2 has been integral to the growth of open banking in Europe, making it a legal requirement for banks to provide access to customers' financial data via APIs for authorised third-party organisations.
What’s the relationship between PIS and PSD2?
PISPs are authorised to process payment transactions on behalf of their customers. They are a key component in the open banking system, allowing customers to make payments directly from their bank accounts through a third-party application or website.
PSD2 regulates PISPs, establishing the requirements and obligations they must meet, such as obtaining authorization from national authorities and adhering to Strong Customer Authentication (SCA) regulations.
What are Account Information Services Providers (AISP)?
AISPs are given authorisation to access and utilise customers' financial data from different bank accounts to provide a comprehensive view of their financial situation.
They can offer an array of services, from budgeting tools to customise financial advice and comparison websites.
Much like PISPs, they are also subject to PSD2 regulations, which establish the requirements and obligations they must comply with.
What is exempt from PSD2?
PSD2 provides several exemptions from its requirements, which includes:
- Payments below a certain threshold (e.g., payments below €30).
- Transactions between accounts held by the same payment service user.
- Recurring or regular payments initiated by the payment service user.
- Contactless payments initiated by the payment service user, up to the value of €50.
- Payments initiated by the payment service user through a trusted beneficiary, which are exempt from strong customer authentication (SCA).
It's worth noting that these exemptions come with certain conditions and limitations, and may not always apply to every business, institution, or transaction.
Are there any risks because of PSD2?
PSD2 implementation carries several risks, particularly in terms of open banking.
Risks to Customers
- Unauthorised payments – There is a risk that unauthorised payments may be made through open banking services.
- Lack of clarity on fees and charges – There may be confusion among customers about the fees and charges associated with different open banking services.
Risks to Businesses
- Compliance risk – Businesses offering open banking services must ensure compliance with the requirements of PSD2, including strong customer authentication and data protection measures.
- Data protection risk – Businesses handling customers' financial data must ensure that appropriate measures are in place to protect this data from unauthorised access or misuse.
It must be noted that humans are generally the weak link when it comes to any financial security. Both customers and companies need to be aware of their own security measures and scrutinise any transactions that appear in their name.
PSD2 benefits to customers and businesses
Despite the risks associated with PSD2 and open banking, there are numerous benefits for customers and businesses.
- Enhanced security – PSD2 introduces strong customer authentication requirements, which can help to reduce the risk of fraud and unauthorised payments.
- Greater choice – The increased competition brought about by open banking can lead to a wider range of financial products and services being available to customers.
- Improved financial management – AISPs can provide customers with a consolidated view of their financial situation.
- New business opportunities – Open banking provides opportunities for businesses to develop new financial products and services.
- Improved customer experience – The use of open banking and APIs can enable businesses to offer more personalised and seamless experiences to their customers.
PSD2 is a directive designed to modernise and harmonise the regulatory framework for payment services within the EU. Its main objectives include increasing competition and innovation in the payment services sector, enhancing the security of electronic payments, and protecting consumers.
If you have any questions about PSD2 or would like to find out more, please don't hesitate to contact our team. They would be happy to assist you.