Over the last couple of weeks the media agenda has been dominated by Payment Services Directive Two (PSD2), and unfortunately not for the right reasons. PSD2 has always been a controversial regulation, but the debate has now heated up and the European Banking Association’s (EBA) Regulatory Technical Standards (RTS) draft and the EBA Chairman’s statement has come under scrutiny.
Several organisations, including industry heavyweights such as Visa, have spoken out. They argue that the RTS imposes strong customer authentication (SCA) that would severely damage businesses. Regarding SCA, Visa has said that “if confirmed, [the SCA] will cause 'inconvenience ... with no benefits for consumers', and is 'a significant threat to future innovation and Europe's future growth'". Many payment service providers operate a risk-based approach to authentication, designed to prevent fraud but not put off valuable customers. Under the new rule, they will be forced to deploy two-factor authentication which can often be onerous, resulting, they argue, in devastating effects on their businesses and the merchants they serve. One-click checkouts would become a thing of the past: You can understand their concern.
The revised Directive on Payment Services (PSD2) doesn't actually come into effect until 1st January 2018, but I'm sure that the preparations for this momentous change are sure to be the big story of 2017.
Created by the European Commission, PSD2 is intended to break the banks' monopoly on their customers' information, enabling those customers to use third-party providers for a range of financial services, while retaining the security and simplicity of keeping their money where they have always kept it.
Under PSD2, the banks will all be obliged to give third-party payment providers direct access to their customers' accounts through Open Application Program Interfaces (APIs), enabling them to debit and credit funds at will and without charge.
The Second Payment Services Directive (PSD2) is a fundamental piece of payments legislation in Europe, which entered into force in January 2016. The regulation is set to drastically impact the infrastructure for banks, fintechs and businesses using payments data by opening up access to third party providers. The regulation requires that all member states implement these rules by 13 January 2018.
Whilst the regulation has been a popular topic over the past few months, is the industry as knowledgeable about PSD2 as perhaps we expect it to be? We’ve broken it down to the basics to explain what PSD2 really is, what it means for banks and who the regulation will primarily affect.