A revised Payment Services Directive (PSD2) was implemented on 13 January 2018. The original directive (PSD) was adopted in 2007, creating a single market for payments and thus the legal foundation for a Single Euro Payments Area (SEPA). Technological innovation and digitalisation has led to new entrants in the field offering new services online and on mobile. The problem was that most of these new players were outside of the scope of the PSD and, therefore, not regulated by the EU. The PSD2 aims to improve security and fraud prevention, but also to “foster innovation and competition” by ensuring a healthy playing field for old, new and prospective players.
In short, it is a transformation from a European Single Market to a Digital European Single Market.
The Financial Conduct Authority (FCA) summarises the aims of the directive:
Below are the main and most important changes taking place with the new legislation, as revealed by the European Payments Council.
The EU is removing barriers for new entrants to the finance industry and, thus, is welcoming competition between new tech services and the established banks. The objective is that in the near future consumers will be able to view all of their bank accounts, payments’ accounts and bills in one place, such as an Application Programming Interface (API), through third-party providers. Of course, the payment account holder will have to give prior consent for this to take place. Furthermore, new players will be able to access the aforementioned accounts (with prior consent) to make payments via credit transfers on behalf of their customers.
This could be revolutionary. Until now, a new entrant had to obtain near-to-impossible licenses, which are mostly held by credit institutions, such as banks. PSD2 is meant to streamline this process for new companies, allow them to compete with each other and with the established institutions.
Strong Customer Authentication (SCA) will be implemented in order to reduce the risk of fraud. This means that when accessing their data or accounts, users will have to take two or more independent actions in order to enhance protection. These include:
These elements will have to be applied each time a user makes a payment above a certain amount (unless the beneficiary is already identified). These will apply only the first time a user accesses their payment account, and then every 90 days.
If one of the parties processing a transaction is located outside the EU, the transaction is still under the scope of PSD2. This includes all official currencies (excluding cryptocurrencies) and aims to offer more information for the consumer and more protection for the European part of the transaction.
The unconditional right of refund for Direct Debit until up to 8 weeks after payment, will become a formal legal requirement. This already applies to the European Payments Council SEPA Direct Debit scheme (EPC SDD).
Surcharging for card payments will be banned. This applies to card payments that are subject to interchange fee caps under the Interchange Fee Regulation.
Consumers will not pay more than €50 (compared to €150 previously) for unauthorised payments, except in situations such as fraud or gross negligence.
These are the main changes and impacts that are taking place under PSD2. Reach out to the following sources if you would like to dig in deeper into PSD2 literature: European Payments Council, FCA and Payments UK.
Give your organisation the stability and freedom it needs to drive higher levels of growth by seamlessly automating your payment processes.