Download your guide to PSD2
Get your free copy in your inbox nowGet your guide
What is PSD2?
The Revised Payment Services Directive (PSD2) is a set of laws and regulations for payment services in the European Union (EU) and the European Economic Area (EEA). It’s been around for a while - it was passed in 2015 - but the most important aspects for online payments come into effect on 14 September 2019.
Why is it necessary?
A lot has happened since PSD1 was passed in 2007. Apple have released 18 versions of the iPhone, scientists have cloned human cells... and Europe’s online payments have been rocked by market developments. Read more detail on the background here and read on for a summary of the major trends...
Increasing online payment fraud in Europe
The European Central Bank (ECB) recorded a 66% increase in card not present fraud (online payment fraud) between 2011-2016, which was the main reason behind why fraud overall increased by 35%. Online fraud now makes up 73% of fraud in Europe and this is steadily rising.
The rise of the API economy
Application Programming Interfaces (APIs) allow different systems to talk to each other. APIs are fundamental to the success of companies like Amazon, Google, Uber, Stripe, Braintree etc. and they’ve supported the creation of whole new business models, including fintechs. APIs will provide the means for banking and payments to become more open.
Unregulated new business models
Since PSD1 there has been growth and innovation in the digital payments market with a whole host of new fintech players. So far, these new business types have not been fully regulated and agreements have been somewhat ad-hoc. PSD2 will provide standards and structure and allow these new companies to access customer bank accounts.
The goals of PSD2
- Make the European payments market more integrated and efficient
- Improve the level playing field for payment service providers (including new players)
- Make payments safer and more secure
- Protect consumers from fraud
PSD2 is part of a wider legislation which has a whole range of implications for banks, payment providers, third party providers and consumers - more detail on far-reaching effects in this podcast. On this page we’ll focus on the changes to online payments and how they will affect online sellers and payment providers.
PSD2 aims to secure digital payments and expand the financial ecosystem
Key changes for online sellers and payment providers
Strong customer authentication
Most online payments in the EEA will require strong customer authentication. This means two-factor authentication which meets the European Banking Authority (EBA) requirements - we’ll come back to this later.
Payment provider licensing
Any company providing payment services in the EU will require a payment license and be authorised and registered by the EBA.
Opens bank data to third parties
Opening up of bank data to make room for new players, including two new kinds of third party providers (TPPs):
How and where will SCA have an impact?
Under PSD2, strong customer authentication is required on all payer-initiated transactions when both the card issuer and acquirer are within the EEA. If only one of the two is within the EEA, SCA is not required - so a business based in the US with a US bank would not be required to enforce strong authentication. This type of transaction is called 'one leg out'.