At present, PSD2 regulation is a hot topic for the European economic community. It brings fundamental changes to the financial sector, setting up a new way for market players to interact. In light of this, banks, fintech companies, vendors, and buyers are subject to change. What to expect from the directive, and what adjustments does it bring? Let’s try to figure it out.
What is PSD2?
PSD2 is the Revised Payment Services Directive issued by the European Commission. It introduces innovations in the EU financial field. The purpose of the document is to expand the range of services and ensure the security of online deals.
The Parliament voted for the first edition of the directive in 2007. Since then, there have been many changes in the digital world. Now, they directly influence the business industry. All this led to the need to review the document. This is how the idea of PSD2 was born. To gain a better understanding of PSD2, let’s review its central goals.
Central goals of PSD2:
- unite the European financial market
- facilitate access to commercial data
- boost payments security
What is SCA?
SCA stands for Strong Customer Authentication. To clarify, it is a rulebook with a set of steps that put PSD2 regulation into action. One of the steps requires multi-factor authentication for all online payments. It says that at least two of the three factors below should be used to verify the buyer's identity:
- Something the user knows, like a PIN or password
- Something the user possesses, like a device or hardware token
- Something the user is, like a fingerprint or iris
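The two-of-three rule counts categories, not credentials: a password plus a PIN is still one category, and an element that failed its check covers nothing. The sketch below is an added example, not code from the directive or from any payment provider; the element names follow the list above, while the category labels and the sample attempts are constructed for illustration.

```python
from dataclasses import dataclass

# Element names come from the list above; the category labels are this example's own.
CATEGORY = {
    "pin": "knowledge", "password": "knowledge",
    "device": "possession", "hardware_token": "possession",
    "fingerprint": "inherence", "iris": "inherence",
}

@dataclass(frozen=True)
class Element:
    kind: str        # one of the keys in CATEGORY
    verified: bool   # True only if the check for this element succeeded

def sca_categories(elements):
    """Return the set of distinct categories covered by verified elements."""
    covered = set()
    for e in elements:
        if e.kind not in CATEGORY:
            # Fail closed: an unrecognised element never counts as a factor.
            raise ValueError(f"unknown authentication element: {e.kind!r}")
        if e.verified:
            covered.add(CATEGORY[e.kind])
    return covered

def satisfies_sca(elements):
    """True when verified elements span at least two of the three categories."""
    return len(sca_categories(elements)) >= 2

# Constructed sample attempts (not real data).
ATTEMPTS = {
    "password + pin": [Element("password", True), Element("pin", True)],
    "password + hardware token": [Element("password", True), Element("hardware_token", True)],
    "fingerprint + failed pin": [Element("fingerprint", True), Element("pin", False)],
    "device + iris": [Element("device", True), Element("iris", True)],
}

if __name__ == "__main__":
    for name, elems in ATTEMPTS.items():
        print(f"{name:28} -> {'SCA ok' if satisfies_sca(elems) else 'SCA not met'}")
```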
What is open banking?
Earlier, the banks and licensed financial institutions had a monopoly on the possession of client personal data. Now, they are obligated to make this data freely available via the API – open banking. Thus, client personal information (with the consent of the client) can be used to develop fresh financial services.
This is how it works. Let’s say the client of “Bank A” wants to take a loan, but the credit conditions do not satisfy them. The client uses a fintech service that aggregates all banks’ offers. Among all options, the client chooses “Bank B”. He or she does not go to the bank branch but applies online. In turn, the fintech app transfers user data from “Bank A” to “Bank B” through the API.
How PSD2 affects the market
At first glance, it may seem that PSD2 does not respect the interests of banks and clients, forcing the former to leak data and the latter to share personal info. However, a closer look into the directive shows clear benefits for all the parties of financial relations.
PSD2 regulation gives the green light to the development of fintech institutions. Thanks to open banking, companies have free access to the necessary data to build financial apps.
Let’s consider an example. Imagine you want to create a simple app that analyzes user spending. To do that now, you should contact the bank to get access to the client account. If the bank grants access, you have to develop a specific program to integrate with core banking. Note that a custom integration is compatible with a single bank system. To integrate with another bank, you have to write it from scratch.
To build an app, you can get all the necessary data through an open API. No workarounds for legal compliance, extra costs, and tiresome paperwork. You have the same opportunities everywhere in the EEA. Working with banks from different countries is not a problem anymore.
The directive enhances competition among financial market participants. For the toughest opponents, it brings meaningful gains.
Profit. With PSD2 compliance, banks get an additional source of revenue. They can sell their “data as a service” or charge fintech companies a fee for connecting to the bank’s interfaces.
Clients. Open API enables easy transfer from bank to bank for a client. So, most customer-oriented banks should expect an influx of customers.
Experience. The development of financial infrastructure enriches the experience of the banking sector, expands the range of bank products, and improves the quality of service.
PSD2 obliges sellers to set up a new transaction mechanism using 3DS2.0 – an improved security protocol for online payments. Despite the need to make an effort, vendors are going to benefit from it.
Shift of responsibility
A pleasant point for merchants is a complete exemption from liability in case of a fraudulent transaction. Before PSD2, it was the seller who compensated the buyer. With the directive coming into legal force, the responsibility passes to the card-issuing bank. The bank approves or rejects the transaction and refunds in case of fraud.
More successful transactions
Before two-factor authorization, many transactions that seemed suspicious were denied. This led to large cash losses and customer outflow.
With SCA, the chance of not recognizing the fraud is tiny. The bank receives full information about the user when it processes the payment. Based on the data, the bank may not ask for further authentication at all, or may request, for example, biometric verification. Thus, the risk of fraud goes to zero, and the number of approved operations grows.
Perhaps users gain the most from Payment Services Directive 2. No action is required from them to comply with the new standards.
Variety of financial services. With the growth of fintech companies, users can choose the most convenient services at the lowest prices. The offers are accessible through the phone.
No bureaucracy. Open banking removes the need to do a ton of paperwork to change the bank. Users apply online. All the data is transferred automatically.
Fast payment. SCA and 3DS2.0 allow buying in one click. Users no longer need to enter the verification code sent to the device to confirm the purchase.
What are PSD2 exemptions?
PSD2 and SCA cover online transactions within the EEA. But don’t worry – there is no need to go through biometric verification each time you order a taxi via Uber or renew your Netflix subscription. The authors of the document highlighted specific cases that do not fall under the regulation of the directive.
Orders made via email and by telephone. Such payments are not considered electronic.
Direct debit transactions. Payments authorized in advance when a seller charges money directly from the buyer’s account.
Purchases up to 30 euros. If many small payments one by one are detected, they are blocked by antifraud.
Anonymous payments. Transactions conducted via cryptocurrency.
Merchant initiated transactions. Subscriptions that withdraw money on a regular basis.
Deals with trusted sellers. The user may whitelist some merchants by contacting the bank.
Recurring charges. Repeated payments of the same amount to the same merchant.
B2B transactions. Corporate payments made with the help of a specific payment method.
Risk-free payments. Transactions classified as low-risk by Transaction Risk Analysis.
Transactions outside of the EEA. If at least one participant of the sale is not located in the EEA.
How to comply with PSD2?
To work under the Revised Payment Services Directive, you should make all payments go through the security protocol 3DS2.0. This protocol helps the issuing bank obtain detailed information about the transaction and prevent unauthorized access.
The final PSD2 deadline is December 31, 2020. By this time, you should make all the necessary preparations to move to the new protocol. All transactions that do not go through 3D Secure 2.0 might be canceled once the deadline comes.
If you are looking for expert assistance in arranging secure payments, you are in the right place. We have solid experience in implementing 3DS2.0. Many of our clients are ready to work under PSD2 regulation. Do you want to be one of them? Contact us. We are ready to help!