
Ensuring Payment Security or PSD2

The Revised Payment Services Directive (PSD2) marks a significant evolution in the regulatory framework governing payment services across the European Union (EU) and the European Economic Area (EEA). Building on its predecessor, the original Payment Services Directive (PSD), this directive, established under the EU Directive 2015/2366, aims to foster competition, innovation, and security within the payments industry. Spearheaded by the European Commission's Directorate General Internal Market, PSD2 extends its focus beyond traditional banking institutions to include non-bank payment service providers, thereby leveling the playing field.

What is the meaning of PSD2?

At its core, PSD2 seeks to harmonize consumer protection standards, delineate clear rights and obligations for payment providers and users alike, and pave the way for a unified, more secure European payments market that benefits consumers and service providers.

Who will be affected by PSD2?

The Payment Services Directive 2 (PSD2) significantly impacts various stakeholders within the financial ecosystem, primarily focusing on enhancing consumer benefits and fostering an open banking environment across the European Union. The directive mandates that banks operating within the EU must grant access to their payment services to third-party providers (TPPs), a move aimed at breaking down bank monopolies, enhancing competition, and promoting transparency in banking relationships with customers. This means financial institutions are required to share essential data, such as account balances and transaction histories, with entities that consumers have authorized. Additionally, banks must facilitate payments initiated by third-party service providers by implementing Payment Initiation Services (PIS), thereby directly linking merchants and consumer bank accounts for payment processing.

Beyond banks, PSD2 also places a considerable emphasis on security and fraud prevention among Payment Service Providers (PSPs). By introducing stringent security requirements, including Strong Customer Authentication (SCA), the directive aims to minimize fraud and increase the security of electronic transactions. SCA, a form of multi-factor authentication, ensures that electronic payments are authenticated and that each transaction is securely linked to the user who authorized it. Certain exemptions exist for low-value transactions or for entities that demonstrate robust fraud prevention mechanisms.

Moreover, the regulation affects brokerages by demanding greater transparency in exchange rate calculations and by prohibiting specific exchange fees.

For consumers, PSD2 paves the way for innovative financial services through Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs), offering alternatives to traditional payment methods and promoting a competitive landscape in which third-party services can provide financial products independently of banks. This shift has led to an increase in services offered by neobanks, challenger banks, and a variety of financial applications aimed at simplifying money management, mortgage applications, and more, benefiting consumers through more choice and better security in financial transactions.

PSD2 is a European directive: it binds only the countries of the European Union (and, as noted above, the EEA). Since Brexit, for instance, the UK is no longer bound by PSD2. However, global companies may still need to meet PSD2 requirements when serving European users.

Why should you be concerned about PSD2?

Compliance with the Payment Services Directive 2 (PSD2) is critical for financial institutions and payment service providers operating within the European Union due to its far-reaching implications on operational, security, and customer service practices. PSD2 not only mandates the opening up of banking data to authorized third parties to foster competition and innovation in the financial sector but also introduces stringent security measures like Strong Customer Authentication (SCA) to enhance transaction security. Institutions that fail to meet the requirements of PSD2 can be charged with financial penalties of up to 4% of their annual returns. Additionally, non-compliance could lead to a loss of consumer trust, damage to reputation, and a competitive disadvantage as consumers move towards more compliant and secure alternatives for their banking and payment needs. Therefore, adherence to PSD2 is essential not just from a regulatory standpoint but also for maintaining and growing customer relationships in a rapidly evolving digital finance landscape.

Who should perform the audit?

The responsibility of performing security audits lies with auditors possessing specialized expertise in IT security and payment systems. It is crucial that the chosen auditor is operationally independent, ensuring the audit’s impartiality and integrity. While many PSPs conduct these audits internally, outsourcing to an external auditor with relevant experience in security measures is a common and, in some cases, a mandatory practice.
