Payment Services Directive 2 (PSD2) is the European Union framework for regulating electronic payments and the European banking ecosystem. Proposed by the European Commission and adopted by the European Parliament and Council, it aims to boost competition and innovation, strengthen consumer protection, and give payments in the EU a common legal foundation. Member states had to apply it from January 13, 2018, and its Strong Customer Authentication requirements took full effect on September 14, 2019. Any business that handles payments in Europe should therefore work towards PSD2 compliance.
The directive creates a more open, competitive, and secure payment landscape across Europe and sets requirements for Strong Customer Authentication.
Key Parts of PSD2 Compliance
- Third-party providers: PSD2 introduces new regulated service providers (third-party providers, or TPPs) that can initiate payments or retrieve account data on a customer's behalf, interacting directly with the bank that holds the account.
- Open banking: PSD2 requires banks to expose interfaces (open APIs) through which authorised third-party providers can access a customer's account, with the customer's consent, in order to build additional financial services.
- Increased consumer rights: PSD2 strengthens consumer rights in several areas, for example by introducing an unconditional refund right for direct debits in euros and by reducing the customer's maximum liability for unauthorised payments made with a lost or stolen payment instrument from EUR 150 to EUR 50.
- Strong customer authentication: PSD2 also sets stricter requirements for authenticating customers when they access accounts or initiate transactions, known as Strong Customer Authentication (SCA). SCA requires at least two independent authentication elements from the customer.
Why Do Businesses Need to be PSD2 Compliant?
- Increasing banking transparency and security: A unified payments market is meant to benefit consumers, so financial institutions must become more transparent, giving customers better information with which to compare services.
- Harmonising the EU banks' legal framework: PSD2 simplifies regulation and reduces costs by standardising compliance requirements across borders.
- Creating a level playing field for payment service providers (PSPs): equal rules for banks and non-bank PSPs are intended to boost innovation and competition.
PSD2 opens the door for non-bank financial institutions to access bank accounts and account data, which improves competition in the payments landscape. The access model rests on the idea that the customer, not the bank, owns the account and its data. A regulated institution may therefore access a customer's account only when the account holder has granted permission for a specific action, such as initiating a payment or retrieving account and statement information.
This creates an ecosystem in which new and existing solution providers can build new payment methods and financial products, such as investment advice platforms, open banking services, and money management tools. With that access comes significant responsibility, so strict rules govern how the two new provider types obtain consumers' permission to access their accounts. All payment service providers should comply with PSD2, since payment transactions across EU countries are regulated under it.
Requirements for PSD2
- Open APIs for Third-Party Access: Open banking is based on APIs that allow authorised third-party providers to access customer account information. If the customer grants access, an account information service provider can retrieve the relevant data through API calls.
- Strong customer authentication (SCA) is a vital part of PSD2 compliance. It is a form of multi-factor authentication that requires at least two elements from different categories: something the customer has, such as a registered phone or the physical card; something the customer knows, such as a PIN, passphrase, or password; and something the customer is, such as a fingerprint, face, or voice pattern. The elements must be independent, so that compromising one does not compromise the others.
- Better transparency: Companies must be as transparent as possible about currency conversion rates, terms and conditions, and how their financial products work.
- Faster complaint resolution: Payment service providers must resolve complaints in a timely manner. Major operational or security incidents, including breaches affecting payment systems, must be reported to the national competent authority; personal-data breaches are additionally subject to GDPR notification duties.
- Removing card surcharges: Merchants may no longer add extra charges for accepting consumer card payments that fall under PSD2's surcharging ban, a practice that was common in sectors such as food delivery, travel, and ticketing.
PSD2 creates two new categories of regulated provider: AISPs (Account Information Service Providers) and PISPs (Payment Initiation Service Providers). Several rules apply to them and to the merchants using their services:
- PISPs can initiate SEPA Credit Transfers directly from the customer's bank account. Because a credit transfer is a push payment, it is final once executed and has no chargeback mechanism, unlike a card payment.
- Companies such as airlines or event organisers are not allowed to charge an additional card fee on top of the transaction value.
- AISPs may, with the account holder's consent, use bank account data to build value-adding services such as identity or income verification, money management, and savings and investment advice.
- To protect customers when paying online, PSD2 requires stronger security and therefore mandates Strong Customer Authentication (SCA), a form of two-factor or multi-factor authentication.
Takeaway
PSD1 led to inconsistencies because different countries interpreted it in different ways. Platforms were viewed as mere facilitators rather than as the party responsible for the purchase and sale. PSD2 aims to deliver more security and a better customer experience while also clearing up the grey areas for platforms: it requires them to hold the same payment licence as other payment businesses if they act on behalf of both the seller and the buyer.