Banks, payment gateways, and business owners are all concerned about the EU’s second payment services directive, PSD2, and how it will impact their operations. Below we shed some light on the subject by answering several important questions.
What is PSD2?
According to the European Commission, the purpose of the directive is to improve the existing EU rules for electronic payments, making the international payment process (within the EU) easier and more secure. PSD2 takes into account emerging and innovative payment services, such as internet and mobile payments.
The rules of PSD2 focus on different areas:
- Electronic payments. PSD2 contains rules regarding the security of electronic payments. These rules are meant to protect consumers’ financial data, guarantee authentication, and reduce the risk of fraud.
- Payment services. PSD2 increases transparency about the products and services that payment services offer and the information requirements for using them.
- Users and providers of payment services. PSD2 clarifies the rights and obligations of both users and payment services providers.
Sandra Wróbel-Konior of SecurionPay adds that the directive requires banks to provide access to their customers’ accounts via open APIs. “PSD2 is about putting all existing players under one unified regulatory framework, even newer entrants with more modern products. The new regulation is meant to equalize and drive innovation in the European payments market.”
How does it change the payments market?
While the broad idea of PSD2 is to equalize the payments playing field, it also has many specific implications. Here are a few highlights:
- Broadening the EU payment market. PSD2 gives businesses that offer account-information or payment-initiation services entry into the market.
- Enhancing consumer rights. PSDE removes surcharges for using a consumer credit or debit card, includes a “no questions asked” right to a refund for a limited period of time after direct debit purchases, and establishes reduced liability for non-authorized payments.
- Limiting interchange fees. PSD2 caps interchange fees between banks for card-based transactions, which is intended to drive down merchant costs for accepting consumer debit and credit cards.
“Overall, payments across Europe will be more competitive and faster for the end consumer, which means more choices and better services. This will also result in greater consumer trust in the payments market,” says Wróbel-Konior.
What entities does PSD2 impact?
There are several key players impacted by PSD2:
- Account information service providers (AISPs) — entities that use financial institutions’ APIs to provide users with their account information in one application. An example of an AISP is a money management app that accesses and aggregates multiple user accounts for budgeting, spend monitoring, and general convenience. AISPs require prior authorization from the user before gaining access to their accounts.
- Account servicing payment service providers (ASPSPs) — financial institutions such as banks or credit unions
- Payment initiation service providers (PISPs) — entities that may access customer account data and initiate transactions without ASPSPs’ prior commercial agreement. Unlike AISPs, PISPs are authorized to take action with a user’s account, such as making payments on their behalf. An example of a PISP is a financial management tool that transfers a portion of a user’s balance each week to a savings account.
- Third-party providers (TPPs) — entities that are able to initiate payments through PISPs, directly from the customer’s bank account, or provide account information services. In other words, PISPs and AISPs are considered TPPs. (Quite the mouthful!)
What are the important deadlines surrounding PSD2?
Different aspects of the PSD2 have different deadlines:
- EU countries were required to incorporate PSD2 into national law by January 13, 2018.
- Banks were required to implement a testing “sandbox” environment for TPPs that includes APIs, documentation, and support by March 14, 2019.
- Final regulations regarding strong customer authentication (SCA), access to accounts (XS2A), and other related requirements are mandatory as of September 14, 2019.
PSD2 is a complex topic regardless of the part you play in the payment space. To help you better understand the new direction and comply with it, we created a lengthy guide on becoming PSD2 compliant.