The new European regulation is a fundamental piece of payments legislation in Europe, which entered into force in January 2016. The regulation will drastically impact the financial ecosystem and infrastructure for banks, fintechs and businesses using payments data.
What is PSD2?
The revised Payment Services Directive (PSD2) aims to better align payment regulation with the current state of the market and technology, and introduces security requirements for the initiation and processing of electronic payments, as well as for the protection of consumers' financial data.
It also recognizes and regulates Third-Party Providers (TPPs) that are allowed to access or aggregate accounts and initiate payment services. This will shake up the payments market, particularly in the ecommerce space, by encouraging greater competition, transparency and innovation in payment services.
What is the timeline of PSD2?
After a long debate, at the end of November 2017, the European Banking Authority (EBA) published the final release of the RTS (Regulatory Technical Specifications), which details all the payment actors' responsibilities and obligations. On March 13th, 2018, the European Parliament and the European Council approved them, opening an 18-month period for their actual implementation, which should happen before September 14th, 2019. New dedicated Open API interfaces should be available as soon as March 14th, 2019, as part of a 6-month testing period.
When do banks need to be ready for PSD2?
What are the impacts on banks and TPPs?
Security is top-of-mind
The core principles of the RTS – i.e. Strong Customer Authentication (SCA), Secured Communication, Risk Management and Transaction Risk Analysis (TRA) – have been maintained, confirming the directive's security objectives. To protect the consumer, PSD2 requires banks to implement multi-factor authentication for all proximity and remote transactions performed on any channel. This means using two of these three features: knowledge, possession, and inherence.
Smooth user experience
In order to ensure a smooth user experience, PSD2 requests banks to put in place security measures that are "compatible with the level of risk involved in the payment service" to find the right balance between security and user convenience. To simplify life for consumers, the RTS list a number of situations for which Payment Service Providers (PSPs) are not required to perform strong customer authentication. Most of these exemptions concern low-value payments, repetitive transactions and transactions to trusted beneficiaries.
Foundations for a true open-banking approach
PSD2 hinges on a critical connection between retailers, fintechs and banks. This relationship will be powered by APIs that banks need to open to any Third-Party Provider that wants to aggregate account data and/or initiate payment services.
This builds common ground for stronger collaboration and better interoperability between traditional financial institutions and new players in the banking and payment space. To provide a coherent and seamless user experience, banks will also have to collaborate to define a common approach, at least at a country or regional level.
Why we need strong authentication standards to deliver the promises of Open Banking
A new world of opportunity
PSD2 is a customer-centric regulation that should lead to an improved customer environment, bringing benefits not only to end users but to all banking & payment parties.
New partnerships and open-banking APIs with the right security level brought by SCA and risk monitoring can generate value by:
- Adding third-party capabilities to core offerings
- Capitalizing on consumer behavior and storing consumer preference data
- Making the multi-factor authentication process as easy as possible for the customer
New customer onboarding will be made easier, offering end users better tools to manage their finances and enticing them to buy new products and services that can be offered by banks and TPPs.
Banks will be able to better use financial data to provide competing services at competitive rates.
Already, leading banks have started building strong partnerships and open-banking API Hubs, showing how the PSD2 regulation can be the perfect tool for more innovation in payment and banking.
Strong Customer Authentication
Strong Customer Authentication, as defined in PSD2, means that transactions are authenticated using 2‑factor authentication or more.
How to improve user experience?
By evaluating risk and adapting accordingly, banks are able to offer a targeted approach that strikes the right balance between security and user convenience.
Innovate with Open Banking API
By working more closely with third-party actors, financial institutions can better prepare themselves for the market changes and proactively identify areas of research and development.