PSD2: What it means for online merchants and their customers

This article was first published on PaymentEye.

After coming into effect on Saturday on January 13th, the Second Payments Services Directive (PSD2) is set to create a noticeable shift in the European payments landscape. By granting third-party payment providers access to customer data, the industry is set to undergo some serious changes in the age of data sharing and consumer information.

Firstly, what is PSD2?

PSD2 is data-driven legislation that aims to increase competition, innovation and transparency across the European payments market and to increase the security of digital payments and transactions.

While the legislation brings direct challenges to banks by opening up data, it’s actually a directive that can work in banks’ favour to update their systems, increase collaboration and improve their fraud prevention and security platforms. As well as the sharing of data, under PSD2, third parties will be able to initiate online payments directly from the payer’s bank account via an online portal. This will bring new opportunities in convenience and cost for online businesses in how they accept payments.

The regulation requires that all member states implement these rules by 13 January 2018. The Regulatory Technical Standards (RTS) will then apply 18 months from the date of entry into force, and the deadline will likely extend into 2019 depending on how long it takes to publish the final RTS.

What are the main objectives?

The main objectives of PSD2 are:

• Enhance security
• Promote competition
• Ensure technology and business-model neutrality
• Contribute to the integration of payments in the EU
• Protect consumers
• Facilitate innovation and enhancing customer convenience

PSD2 is expected to lead to a major change in terms of the accessibility of customer data to authorised third parties when the customer has given their explicit consent.

PSD2 legislation says “there’s too much online fraud”, and one of the aims of the derivative is to improve consumer protection against fraud and enhance security requirements through the use of strong customer authentication.

This represents both a challenge and an opportunity for the payments industry. Getting it right is a win/win in terms of security, trust, and convenience for a customer. Getting security wrong could have the opposite effect.

Why is PSD2 important?

PSD2 will contribute to a variety of changes in the payments industry, including open banking, creating an integrated payments ecosystem, increasing competition with the emergence of fintechs and new entrants, and enhanced security and fraud prevention.

With open access and integration of payments, addressing fraud is important to protect financial institutions and merchants. Businesses should look to set operational limits and maintain control of their fraud and payments strategies in order to stay one step ahead. There’s no doubt that PSD2 marks a paradigm shift in how payments are performed, monitored, and accepted.

Improvements of fraud prevention and opening up access of data is great news for consumers – enabling merchants and other permitted parties to accept payments without redirecting back to a third party (banks, in this case).

Banks, however, need to work hard to ensure their legacy systems comply with the new regulatory standards, and ensure their systems have open APIs in place to ensure the reliability of third-parties requesting access.

Each member states’ regulators will monitor borderless payments in real time, and therefore, require enhanced security and fraud protection measures to keep up with the demand and transparency of the legislation.

A recent report by UK Finance states new legislations under PSD2 will drive innovation and create a digital single market in Europe, which aims to make the EU’s single market fit for the digital age. The new measures will ensure that all Payment Service Providers (PSPs) active in the EU are subject to supervision and appropriate rules, and make it easier for new entrants to gain a foothold in the payments space. From a price and innovation perspective, this is really good news for merchants.

How will PSD2 change the payments industry?

A consumer’s financial information and data has historically been held by banks, but with PSD2, the biggest shift consumers will start to notice is the permission of individual financial data and information to be held by the customer.

Customers will be able to use payment account information services where their payment accounts are accessible online, making internet and mobile payments easier, helping customers to manage their accounts, data, and make better comparisons when purchasing.

Surcharges will be also be banned for card payments and across various industries (travel, e-commerce, retail.) This will be applicable for both online and in-store transactions.

Payments UK also predict that changes under PSD2 will result in the ‘development of products and services that allow customers to optimise the use of their account and transaction data.’

‘PSD2 could help open up new markets and encourage new market entrants, some of whom will offer services that will assist people who are currently financially excluded.’

Will PSD2 foster greater innovation?

To an extent, yes. Banks and financial services can turn PSD2 regulation into payment innovation by providing a seamless and omnichannel payment experience that becomes the new standard of processing transactions.

An in-depth article by KPMG states that PSD2 provides a “massive opportunity for banks to turn the regulation – and the broader shift towards open banking – into a competitive advantage.”

The article continues: “Banks could create their own Account Information Service Providers (AISPs) to provide their customers access to their other payment methods, all within one branded mobile app. Banks will eye up strategic partnerships with fintechs to use that data to identify trends and create new targeted customer propositions.”

As this trickles down into payments products for merchants and options for customers, a lower-cost and seamless payment vista comes in to view. However, this has to be caveated on the assumption that this is done right, not least that fraud rates are reduced and controlled.

How will PSD2 protect customer data?

Under new regulation, PSD2 will enable greater security measures and protect customer data with the application of giving access to third parties. However, banks will ultimately hold the responsibility for protecting consumer data.

Payments under new PSD2 regulation will enable customer protection in a variety of ways. All Payment Service Providers (PSPs) are required to establish a framework to manage operational and security risks.

Learn more about PSD2 and SCA here.