The Second Payment Services Directive, otherwise known as PSD2, is an EU Regulation. It aims to harmonise the operations of payment services in the European Economic Area (EEA).
In this article, we’ll demystify PSD2 and explain how its requirements are relevant for your business, and what actions you should take next.
PSD2 has been designed to increase competition by creating a level playing field for both banks and non-banks. It removes the monopoly banks have on the use of customer data, allowing other businesses to use that data as well, with the customer’s permission. For example, when shopping online, an e-commerce provider can retrieve a customer’s bank account data and take their payment without having to redirect them to another service, such as PayPal. This creates a faster and more streamlined payment experience for the customer.
It builds on the original Payment Services Directive (PSD), introduced in 2005. The new iteration brings important changes for businesses that take payments from customers in the EEA.
PSD2 has existed since 12 January 2016. EU countries had until 13 January 2018 to incorporate it into national law.
Open Banking was introduced by the Competition and Markets Authority, as a result of the requirements of the wider PSD2 legislation. Open Banking aims to increase competition, specifically in the UK market, by allowing non-bank Payment Service Providers (PSPs) to access customer transactional data, with their consent.
The difference between Open Banking and PSD2 lies in how the banks open up their data to third parties. PSD2 simply requires them to do so, while Open Banking specifies a standard format for the process. An example of Open Banking is a money management dashboard that combines multiple bank accounts for an overall picture of a person’s financial health. Open Banking is also useful for lending, where customers can provide their financial information online in order to be approved for a loan more quickly.
Open Banking also improves the online payments process, allowing customers to make payments directly from their bank account, which can directly authenticate the transaction.
Under PSD2, online payments will require more stringent customer authentication, for numerous kinds of transactions including high-value and recurring payments.
This is known as Strong Customer Authentication (SCA), and it is designed to enhance customer protection.
SCA, which came into force on 14 September 2019, is an essential feature for any merchant that accepts customer payments online from within the EEA.
SCA is designed to keep customers safe online in this new era of increased openness. Previously, it was common for customers paying online to identify themselves with a username and password. But this was a cumbersome method, with users often forgetting their information.
SCA now requires customers to identify themselves with two out of three categories: