PSD2 is a revision of the Payment Service Providers Directive (PSD). It is a European regulation for electronic payment services. It seeks to secure the payment process in Europe, facilitate innovation, and help the banking sector to adapt to new technologies. PSD2 entails two fundamental changes in the payments industry, i.e., to mandate more vital security requirements for online transactions through multi-factor authentication (MFA); and to force financial industries to give third-party payment services providers access to consumer bank accounts if account holders consent to this.
PSD2 policies are transforming the nature of financial dealings. It has given leverage to the initiation and processing of electronic payments hence protecting the customers’ rights. Strong customer authentication (SCA) is a requirement of the PSD2. It ensures that electronic payments are performed with multi-factor authentication. The stronger authentication is a combination of something the user knows, like a password or PIN, with something the user has, like a code that generates on the smartphone app or identification through biometrics. Hence, for every transaction, a unique authentication code will be generated.
Hence, you can integrate a PSD2 compliance solution in your business that supports all the protocols mentioned in the Regulatory Technical Standards on SCA. It should include a set of services, systems, and APIs which cover all PSD2 requirements, along with TPP and end-customer needs. Under the revision of this directive, banks and account-holding institutions should provide users with secure access to their accounts through APIs. The external service providers also called the Third Party Providers (TPPs), should directly access information and payment services.
European Union implemented this legislation by January 13, 2018. The revised directive’s goal is to align payment regulation with the current state of the European market and technology. It is significantly changing the manner of authoritarian dealings in Europe’s financial markets, and it seeks to protect European citizens by adding security to the payments they make. Hence, it reduces the risk of fraud and creates safer payments in the financial services market.
Here are six things you need to know about PSD2.
· New Breeds Of Payment Service Provider
PSD2 has introduced two new types of third-party providers: Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). AISPs use financial institutions’ APIs to provide users with their concerning account information in one application. It requires prior authorization from users before they gain access to their accounts. PISPs can access customer account data and initiate transactions without ASPSPs’ commercial agreement. Account servicing payment service providers or ASPSPs are financial institutions like banks or credit unions. PISPs offer various services, bill payments and peer-to-peer transfers. It is achieved by creating a software bridge between user and merchant accounts.
· Applicability Beyond EU Boundaries
PSD2 regulations must be met by a U.S. business that has an entity in the EU. They need to ensure that the European entities are PSD2-compliant and SCA-ready. Any transaction carried out either fully or partially within the EU needs to be compliant with PSD2. Otherwise, you may face the risk of declining authorization rates and cancellation of payments.
· No Card Surcharges
The European PSD2 has prohibited the addition of surcharges to credit-and debit-card payments anywhere in the European Economic Area. Card surcharge has been banned to protect consumers across Europe. Merchants are prohibited from charging any additional fees if the customers make payments by a specific payment method. There are no hidden fees that the customers will have to pay. However, corporate cards are subjected to surcharges.
· Stricter Interpretations Of “Commercial Agent” And “Limited Network” Exemptions
Under PSD2, digital marketplaces that handle or control client money will be strictly interpreted under “Commercial Agent” and “Limited Network” policies. They may have previously depended on exemptions to defraud issues around being a licensed payment services provider. However, this will be strictly controlled under PSD2.
· Upcoming Deadline
Ecommerce firms and merchants need to comply with PSD2’s strong customer authentication mandates by September 14, 2021. EU countries incorporated PSD2 into national law by January 13, 2018.
· New Definition Of “Payment Account”
PSD2 defines payment accounts as “accounts held by one or more payment service users, which is used to conduct payment transactions”. Payment service providers or PSPs will have to “provide” monthly statements to the customers on a durable medium.
To Conclude:
PSD2 is a European regulation, and it marks a new age in financial services. Business sectors that offer account-information or payment-initiation services can get entry into the market with PSD2. It seeks to secure the payments process, foster innovation, and provide competitive advantages whereby third-party providers can access customer account data held by major banks to enable better services for users. The main objective of PSD2 is to protect the rights of the customers.