PSD2 is a revision of the Payment Service Providers Directive (PSD), designed by the European Union countries. It can revolutionize the payments industry; it aims to secure the payment process in Europe, facilitate innovation, and help the banking sector adopt new technologies.
PSD2 seeks to impact the financial ecosystem and infrastructure positively. The objective is to use payment data to benefit consumers. PSD2 introduces security requirements to initiate and process electronic payments and protect consumers’ financial data. It necessitates two fundamental changes in the payments industry. First, it mandates more robust security requirements for online transactions through multi-factor authentication (MFA). Second, it seeks to enforce laws and methods in financial industries that give third-party payment service providers access to consumer bank accounts with the account holder’s consent.
PSD2 recognizes Third-Party Providers (TPPs) and regulates how they access or aggregate accounts and initiate payment services. PSD2 policies are significantly changing the nature of financial transactions. Strong customer authentication (SCA) is a requirement of PSD2, and it helps fix the vulnerabilities in various financial dealings. It makes sure that electronic payments are accessed securely. A PSD2 compliance solution enables businesses, banks, and financial sectors to remain relevant in the marketplace and stay in line with standard regulatory protocols and current market standards.
PSD2 compliance consists of services, systems, and APIs to cover the payment directive’s various requirements. It also covers the TPP and end-customer needs. Under this, banks and financial institutions should provide users with secure access to their accounts through APIs.
Why Does PSD2 Matter?
· Consumer Rights
PSD2 is data-driven legislation, and it marks a shift in the payments industry to enable consumers to make secure transactions. It aims to allow customers to use payment account information services where their payment accounts are accessible online. Moreover, PSD2 also makes mobile payments more manageable and helps customers manage data and reports and make better comparisons when purchasing online.
· Ban Of Surcharges
There is a surcharge ban under the revised payment initiative. The B2C surcharge ban between merchants and customers applies where:
o The consumer’s bank or card issuer and the payment provider of the merchant are situated in the EEA; and
o The consumer uses a debit or credit card to make payments or makes a EUR payment using direct debit or credit transfer.
In specific segments where the surcharge ban is not practical, PSD2 limits the amount merchants can surcharge businesses to the cost the merchant incurs in accepting payment through the particular mode used to process the transaction.
· New Breeds Of Payment Service Provider
PSD2 introduces two new types of third-party providers: Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). AISPs use APIs to provide the authorized users access to their account information in one application. AISPs require prior authorization from users before gaining access to their accounts. PISPs can directly access customer account data and carry out transactions without ASPSPs’ commercial agreement. ASPSPs or account servicing payment service providers are banks or credit unions. PISPs extend services such as bill payments and peer-to-peer transfers. A software bridge is created between user and merchant accounts to pass on the information and carry transactions clearly and transparently.
· Stricter Interpretations Of “Commercial Agent” And “Limited Network” Exemptions
Under PSD2, the commercial agent exemption has been amended. The digital marketplaces that handle or control client money are subjected to strict interpretation under “Commercial Agent” and “Limited Network” policies. Marketplaces are likely to use a licensed payment service provider depending on the time and cost of becoming regulated themselves.
· New Definition Of “Payment Account”
PSD2 defines payment accounts as “accounts held by one or more payment service users, which is used to conduct payment transactions.” This may include savings and current accounts, or accounts combining savings with mortgage and payment facilities, as long as they are being used to make payments.
The introduction of Strong Customer Authentication (SCA) criteria includes a two-factor ID requirement and other security measures. For stronger authentication, users combine something they know, like a password or PIN, with something they have, like a code generated on a smartphone app, or identification through biometrics. Before any transaction is processed, a unique authentication code will be generated.
· Third-Party Access
PSD2 enables third-party access to account information held by banks. Third-party providers need to define their use cases, obtain APIs from the banks, and determine whether they need central or individual TPP registration before connecting to merchants.
PSD2 aims to facilitate consumer access to their banking data in a safe, hassle-free way. It also seeks to foster innovation by encouraging banks to share customer data securely with third parties.