We currently engage with many banks in Europe starting compliance projects on PSD2 – the revised Payment Service Directive. What does this mean and what are the impacts for banks and for their customers?
— Some history first
In 2007, the Payment Service Directive (PSD) was established as the legal foundation for an EU-wide single payment market. It was a comprehensive set of rules and guidelines designed to make cross-border payments easy, efficient and secure.
The goal was to help customers make more convenient, cost-effective and secure payments. This was also about fostering competition through the opening up of payment markets to new entrants.
PSD implementation resulted in a unified way to make credit transfers across the Single Euro Payments Area (SEPA) at almost no cost to the corporates.
This was also an opportunity for new players: fintechs and non-banking institutions quickly emerged, bringing innovation, competition and often, cheaper alternatives for digital payments.
But these non-banking institutions also introduced more risk at the consumer level, making it clear they should not remain unregulated.
That’s why the revised Payment Service Directive (PSD2) was proposed by the European Commission in 2013.
— PSD2 goals
- Offer better consumer protection
- Keep promoting innovation in the payment space and reducing costs
- Taking into account the modern payment methods such as mobile payment and online payment.
- Foster competition
- Improve security of payment across the Euro
— PSD2 main topics
1/ Extension of scope beyond Europe: PSD2 expands the original PSD to “one leg out” transactions – transactions where at least one side is located within EU borders – whereas this have only applied to transactions with both parties in the EU so far.
2/ Extension of the “Payment Institution” definition: PSD2 extends the definition of “Payment Institution” to AISPs and PISPs and both must now adopt PSD2.
- AISPs, Account Information Service Providers are providers that can connect to bank accounts and retrieve information from them, such as personal finance management tools, investment recommendation service …
- PISPs, Payment Initiation Service Providers are players that can initiate a payment transaction. As of today, there are only SEPA Credit Transfers and Debit cards. Whereas both are currently offered by the bank of the account holder, we will see in the future more solutions that can move money from the account without even requiring a wallet.
3/ 3rd party account access: PSD2 encourages new players to enter the payment market by mandating banks to “open up the bank account” to external parties, such as AISPs and PISPs.
4/ Prohibition of card surcharges: today’s bank practices are very different in surcharging card payment. A few countries ban it, others don’t. PSD2 wants to standardize this practice.
5/ Security of online payments and account access: PSD2 enforces new security requirements for electronic payments and account access. This both requires strong customer authentication and secure an open access to customer accounts (XSA2)
— New usage models
This brings two innovative usage models to bank customers:
- E-commerce payment: PSD2 will allow retailers to connect directly to the consumer bank account to initiate payment. This removes the need for intermediaries.
Personal account management: PSD2 will allow AISPs to offer a consolidated view accross all different accounts in a secure way resulting in a better customer insight.
— What is the timeline?
PSD2 was formally adopted by the EU Council of Ministers in December 2015 with a transposition deadline for all EU countries of January 2018.
— Why did banks take so long to start implementing PSD2?
Banks didn’t embrace PSD2 rapidly because they realized this would require a lot of investments, reduce their existing revenue streams and create an opportunity for new players.
— Which challenges will bank be facing while implementing PSD2?
Bank are siloed and most of them don’t offer access to the information stored in customer accounts. Banks will be the ones supporting the burden of evolving their systems, while most Third Party Providers have been using a modern stack since the beginning, requiring limited technical lifting.
Banks will need to open their systems using the modern API connectivity. APIs will provide the connectivity between retailers, banks and new players. This will create big opportunities for API Management solution vendors, which enterprise-grade solutions help expose internal services as APIs, secure those APIs, throttle the traffic to protect the performance of the internal systems, and manage the partner ecosystem.
— Who will gain from PSD2?
Users will gain the most by benefiting of new services, such as:
- connection with social networks to initiate a payment
- sending payment from messaging apps.
- share a bill at lunch and be notified on Facebook.
PSIPs and AISPs will be the winners if the banks don’t react and prefer the status quo. But banks can also see in this regulation a source of new opportunities to expand their business. They can for example create innovative services leveraging their new Digital Platform built with APIs. They can for example expose additional services leveraging their large partner ecosystem, they can also develop stronger interactions with their huge customer base by pushing the right content to their customers at the right time on their preferred device.