March 28, 2019

By now you are probably familiar with the basics of the revised edition of the Payment Services Directive (PSD2).

The set of regulations slated to replace the original Payment Services Directive (PSD), first issued in 2008, intends to create a level playing field by standardizing, integrating and improving payment efficiency across the EU. The end goal is to equalize the landscape between countries and payment providers, ultimately increasing competitiveness in the market, breaking banks’ monopoly on users’ data, all while simultaneously strengthening security for online customers.

Ultimately, PSD2 is slated to usher in a new era of “open banking,” poised to empower customers with unprecedented freedom in how they access their financial services and aimed to help merchants increase transparency, ultimately building customer trust. So what can merchants expect?

1. Strong Customer Authentication (SCA)

SCA intends to better protect online customer data and to reduce online transactional fraud. As part of the broader rollout of PSD2 requirements, merchants will need to be compliant by September 14 2019.

Under SCA requirements, merchants need supplemental authentication from their customers for transactions in the European Economic Area (EEA), in order for them to be approved. The new rules require customers to authenticate their identities using two of the following three methods:

  • Knowledge - Something only the unique user would know (e.g. password)
  • Possession - Something to which only the user has access (e.g. mobile phone)
  • Inherence - Something the user “is” (e.g. fingerprint)
PSD2_blog_authorization

Twenty six percent of customers will abandon their purchase if the checkout process is too long or too complicated, making this new requirement particularly troublesome for merchants. The more steps a retailer adds in, the more likely they are to lose shoppers. There are narrow definitions defined within PSD2 which may allow for particular transactions to be exempt from this additional authentication process (low value purchases, or repeat transactions with a trusted merchant or beneficiary). However, merchants should expect that the majority of their transactions will need to meet these new requirements.

2. Access to Accounts (XS2A)

Under PSD2, any regulated third party payment service provider (TPP), is eligible to become an Account Information Service Provider (AISP) or Payment Initiation Service Provider (PISP), and through the “open banking” application programming interfaces (API), will have direct access to their customer's bank account details (with customer consent, of course).

By opening access to this data, the payment flow is cleansed of intermediaries, opening up the opportunity to drive innovation. XS2A could allow for new online payment solutions to be created, poised to benefit all actors in the payments chain. By cutting out the middleman with XS2A, complex checkout processes will no longer exist, and merchants will be able to securely and directly collect payments from their customers’ bank accounts.

3. Licensing

Under the new PSD2 directive, merchants that are viewed as marketplaces will be under increased scrutiny, and some of the exemptions that may have applied to their businesses in the past will no longer be applicable.

The original Payment Services Directive (PSD) allowed for marketplaces to leverage an exclusion for commercial agents, giving them the ability to avoid authorized payment institution requirements. PSD2 will limit the scope of these previous exemptions, and many marketplaces will need to register either as a payment institution (which will come with a hefty price tag and increased regulatory oversight), or outsource aspects of their services and functionalities to a licensed payment institution instead. If a merchant is considered a marketplace, the best course of action is to seek legal counsel to ensure a complete understanding of how their business may be impacted by PSD2.

vg4nQ6_t20_bAeN9X-1

4. Surcharging

Original regulations within PSD limited surcharges across all payment methods. PSD2 further tightens these limits for credit cards, debit cards, prepaid cards, and other payments processed through intermediaries (e.g. Visa or MasterCard). For many merchants, surcharging meant additional charges could be tacked onto purchase amounts that their customers would ultimately pay at checkout. The PSD2 ban on surcharging will require merchants to recoup these lost funds in a more creative manner, possibly repricing their products in order to account for the ban. The intention of the surcharge ban is to increase merchant transparency and bolster customer trust.

The impact of PSD2 will be significant for online merchants across every industry. While the payments world is buzzing about how these new regulations may cause pain rather than a cause to rejoice, the intention of the regulations is truly to drive innovation in the market, creating a more competitive landscape for merchants and consumers alike.

EU Compliance Security PSD2 Regulation

Sign up for blog updates