SUMMARY OF THE PAYMENT SERVICES DIRECTIVE 2 (a.k.a. PSD2)
Here are a few things to know about the Payment Services Directive 2, also known as the ‘Revised Payment Services Directive’ (PSD2 – EU Directive 2015/2366):
WHAT PSD2 IS ALL ABOUT
The Payment Services Directory 2 (PSD2) is a directive which hopes to improve on the old Payment Service industry in Europe. The first Payment Services Directive (PSD), formally known as the New Legal Framework for Payment was published in the Official Journal of the European Union (EU) on the 5 th of December 2007. It became transposed into law among EU member states and applied through the Payment Services Regulations on 1 st November 2009. The Directive created a regulatory framework for payment services in the EU which aimed at creating a well-functioning and competitive single market, providing a broad legal framework for a Single Euro Payments Area (SEPA) as well as protecting the right of consumers when making payments.
On December 2015, the European Union’s Office Journal published the PSD2. The PSD2 came into force by Directive (EU) 2015/2366 on 12 th December 2016 and is expected to be transposed into national law in the EU (member states) and applied from the 13 th of January 2018 onwards. The PSD2 updates and complements the EU rules put in place by the PSD (2007/64/EC).
The PSD2 aims at contributing to a more integrated and efficient European Payment Market and to improve the playing field for Payment Service Providers (PSP) by including new players. It also aims at bringing online payment service providers such as PayPal under the regulation thus bringing greater transparency to the products and services offered by the payment service providers. Some other PSPs distinguished by the PSD2 include Credit Institutions, E-Money and Payment Institutions, Member States or their regional or local authorities, the European Central Bank (ECB) and national central banks. The main objective of the PSD2 is consumer protection and security of payment.The PSD2 applies to e-payments within the EU which are more cost efficient than cash and which also stimulate consumption and economic growth. There are several other changes made by the PSD2 to improve on the PSD of the EU.Those changes include the following:
- Consumer Protection
Strong Customer Authentication (SCA):
- The PSD2 enforces a two-factor authentication system in order to validate the identity of a person based on the use of two of the following main elements:
- Knowledge: something only the user knows e.g. pin, password, User-ID
- Possession: something only the user has: e.g. CVV number, token, (Phone) Device-ID
- Identity: biometrics e.g. fingerprints, iris scan, face recognition
Combining two out of these three is to be used for authentication when addressing a payment account online, initiating an electronic payment transaction, or for any action which may imply a risk of fraud by.
PSD2 in a nutshell:
- The Emergence of Licensed Third Party Payment Providers (TPP):
The PSD2 introduces licensed Third Party Payment Providers (TPPs) that are permitted to provide certain types of services connected to payments. TPPs are Payment Initiation Service Providers (PISPs) and Account Initiation Service Providers (AISPs) that enable payment initiation and account access on behalf of customers.
- Third Party Access-to-Account (XS2A):
This involves the provision of third party access to a bank account. With PSD2, banks are forced by law to give TPPs access to customers’ accounts through an Application Programming Interface (API).
- The Emergence of New Payment Services (AISP/PISP):
According to Article 4(3) of the PSD2, a payment service is any business activity set out in Annex I.The two new payment services introduced and regulated under the PSD2 are the *Account Information Service (AIS) and the Payment Initiation Service (PIS).*Providers of these services are called Account Information Service Providers (AISPs) and Payment Information Service Providers (PISPs) respectively, often referred to collectively as Third Party Payment Providers (TPPs), as stated above. The Payment Initiation Service (PIS) is defined in Article 4(15) of the PSD2 as a service to initiate a payment order at the request of the payment service user on a payment account held at another payment service provider. Payment Initiation Service Providers (PISPs) are players that can initiate payment transactions and act as link between a payer’s bank account and a merchants banking platform. Active PISPs in the European market include e.g. ‘Sofort’ and ‘Trust’.Account Information Service (AIS) is defined in Article 4(16) as an online service to provide consolidated information on one or more payment accounts held by the Payment Service User with either another payment service provider or with more than one payment service providers. Account Information Service Providers (AISPs) provide services to consumers to let them see an overview of their financial situations between multiple banks and to analyze their spending pattern in a user-friendly manner, e.g. allowing them to view of all of ones multi-bank details in a single portal.
- The Introduction of the Account Servicing Payment Service Provider (AS PSP):
The AS PSP is a traditional type of payment with which a Payment Service User (PSU) holds an account, and from which the PSU issues payment orders. Under PSD2, the AS PSP executes the payment transactions initiated by the PISP on behalf of the PSU. Furthermore, AISPs and PISPs can rely on the authentication procedures of Account Servicing Payment Service Providers (AS PSPs) for seeking transactions. The AS PSPs are prohibited from discriminating against AISPs or PISPSs in any way, for example by imposing additional costs on them or by delaying payment execution.
- Competition and Choice:
The PSD2 allows consumers and merchants to benefit fully from the rising international market potential, particularly regarding e-commerce. The PSD2 does this by encouraging new providers and new payment services. The PSD2 text clearly states that customers have a right to use PIS and AIS where the payment account is accessible online and where they have given their consent.
- Extension of scope:
In a bid to improve on market efficiency and integration, the PSD2 extends the scope of the initial directive to include all currencies and one-leg-payment (a payment where one of the transactions happens outside the EU or European Economic Area (EEA)). It also extends the scope to include all types of payment acquirers and payment instruments, except those with limited network exclusion such as membership- or fuel-cards.
- Prohibition of Surcharging:
The PSD2 will ban surcharging for the use of payment instruments covered by the Interchange Fee Regulation (MIF/IFR) and Payment Services covered by the SEPA regulation. Surcharging involves the addition of extra charge on the agreed price by the merchants. The practice of surcharging is very common in some EU member states, especially for online payments and in some specific sectors like the travel industry. In all cases, where fees for payment methods imposed on merchants are capped by the MIF regulation merchants will no longer be allowed to surcharge on these consumer payments. The prohibition of surcharging by the PSD2 will therefore mean savings for EU consumers when performing credit card-based purchases.
ADVANTAGES & BENEFITS OF THE PSD2
- The PSD2 encourages the development of innovative mobile and online payment services in Europe.
- PSD2 provides an opportunity for traditional and new innovative players in the financial services space to use digital platforms to capitalize on the opportunities offered under PSD2.
- Before PSD2, entering the market of financial services was complicated for TPPs, because of the many protocols involved but the PSD2 makes provision for Third Party Access to Accounts. It also acknowledges new players assessing the consumer’s payment accounts by mandating/forcing banks to “open up the bank account” to external parties.
- PSD2 increases and supports consumer choice by facilitating market entrance for regulated non-bank players like payment institutions. Consumers will be better protected against fraud and other abuses and payment incidents, with improved security measures in place such as e.g Strong Customer Authentication (SCA).
- The prohibition of surcharging the use of payment instruments is another advantage of the PSD2. When the PSD2 is enforced, surcharging will not be allowed for those consumer cards affected by the EU MIF regulation (roughly 95% of all payment cards in the EEA). This will help lower charges for consumers. Moreover, the new rule introduced by the PSD2 will contribute to a better consumer experience when paying with an ‘open standard’ payment card throughout the European Union.
- Under PSD2, better consumer protection against fraud will take place by capping any potential payments, if an unauthorized payment is made, at 50EUR (formerly 150EUR).
- Improved consumer protection for payments made outside of the EU or in non-EU currencies.
In all, when made effective, the PSD2 will most likely be a game changer in the world of online banking and payment services.