Under the Payment Services Directive (PSD 2), the digital revolution of making payments online is now regulated at a community level. With the power of innovation in this market, the EU-wide harmonization of online payments will lead to increased security for payment transactions and account information.
Why the need for a second directive, and what should the market expect?
Typically, legislation mostly certifies and provides a legal framework for practices that are already well-established. PSD2, on the other hand, is a directive that is ahead of current practices. For online payment services, the stakes are high and far-reaching, which has necessitated an early understanding of the potential effects of digitalization and digital technology. The rapid development of new services such as what the directive defines as payment initiation services and account information services show that the payment services market has been stagnant.
With the introduction of payment initiation services, using credit cards for online payments is no longer the only option. Now, payers simply need to confirm that they instructed a payment initiation service to transfer the money from their account. As a result, merchants benefit because they are guaranteed to get paid, encounter reduced transaction costs and have the flexibility of multiple payment methods. In addition, consumers can access a global view of their financial situation and consolidate different current accounts to better budget and plan their finances. They also benefit from making immediate payments, sending higher transaction amounts, and paying reduced costs thanks to increased market competition.
How is this a fundamental change for banks?
The payment services market will benefit from increased innovation and free-market competition by breaking from the current banking monopoly. This, in turn, means that at a minimum, banks will need to reorganize their IT infrastructure and, most likely, will need to refocus part of their business model. The new payment services established under the PSD 2 are having a tsunami-like effect on the banking industry. For a long time, the industry had been fighting to avoid this evolution by arguing that such changes would cost a lot of money and increase security risks.
However, banks must now open up their IT systems to third parties instructed to make payments for account holders and/or they must ensure a consolidated real-time view of account statements.
More than just a simple question of IT infrastructures, this directive directly attacks the banking monopoly by requiring banks to make automatic payment orders possible without financially benefitting from the transactions.
PSD 2: A logical next step from SEPA?
Recent evolutions in payment methods should have made it easy to guess what the future would bring. The PSD 2 is the logical next step after SEPA (Single Euro Payments Area), which was essentially an extension of the EU’s adoption of a single currency.
By harmonizing payment methods in Europe, SEPA began the process pursued by the PSD 1 of striving to create a transparent and level playing field for competition in the payments market. Since they mainly dealt with transfers, direct debits, and payments by bankcards, it was logical that a second directive would recognize and regulate payments made online and by mobile phone as well as the services associated with them.
In the spirit of open-market competition, the Payment Services Directive 2 has not only opened up the banking monopoly to competition but has also created a domain where young FinTech can compete against the Internet giants—an opportunity that they have eagerly embraced with some success for the moment.
And what about security?
This is the key to enabling this market to evolve so that it can benefit everyone. Although previously unregulated, PSD 2 now authorizes payment initiators and account information services to officially become payment service providers. This recognition ensures that more effective and efficient security measures and processes can now be implemented, notably through the mandatory authorization to operate that is provided by the prudential supervisory authority of the country of practice.
By offering the possibility to become an authorized payment service provider and benefit from the good reputation that meeting the requirements provides, payment service providers will demonstrate the highest respect for financial regulations and structure their organizations with the logic of a bank.
Last but not least, to ensure the security of confidential financial and personal user data, service providers must respect international security norms such as PCI-DSS and implement rigorous authentication measures such as the OTP (one-time-password) and strong customer authentication.
Without a doubt, the PSD 2 will inevitably accelerate future innovations for securing user data and transactions. Furthermore, the directive will entice online payment service providers to embrace European harmonization. In short, this is a directive that can inspire and stimulate limitless creativity for payment services.
*The Payment Services Directive (PSD 1) is a European directive (2007/64/CE) that focuses on payment services within the European market. It was published in the Official Journal of the European Union under L 319 on December 5th, 2007, and was revoked when the Payment Services Directive 2 (PSD 2) was adopted on July 24th, 2013.
Keep reading
AI tools can autonomously generate threat detection queries, sift through vast amounts of data, and pinpoint potential threats without manual intervention.
Deepfakes, while not entirely new, have reached a level of sophistication that challenges businesses that are trying to deliver frictionless digital onboarding to their users.
The Federal Trade Commission (FTC) received reports of a significant increase in SIM swap attacks in 2023, and Experian's 2024 scam forecast identified SIM swapping as one of the top threats, emphasizing the need for heightened awareness and preventive measures.
