What is PSD2 regulation & what does it mean for your business?
What is PSD2 in simple terms?
PSD2 is an EU law that has paved the way for open banking. It gives customers the right to access their payment accounts and initiate payments via third parties. It also requires online payments to be compliant with Strong Customer Authentication (SCA), with the use of two-factor authentication (2FA). PSD2’s full name is the Revised Payment Services Directive, and it applies to the entire European Economic Area (EEA).
What is the purpose of PSD2?
In short, the purpose of PSD2 is to increase competition in the payments industry, enable the growth of new payment methods, improve customer protections, and reduce fraud.
Greater competition in the payments industry
Previously, only banks had the right to access the customer financial data they held. PSD2 allows regulated companies to access this data, as well as initiate payments, as long as they have the customer’s express consent. Under PSD2, third-party providers (TPPs) can offer Account Information Services (AIS) and/or Payment Initiation Services (PIS).
In the UK, companies can offer AIS and/or PIS by becoming registered with the Financial Conduct Authority (FCA). Businesses can integrate open banking services into their products by partnering with a regulated TPP, without having to become regulated themselves.
Reducing fraud
PSD2 intends to reduce fraud by introducing Strong Customer Authentication (SCA). SCA means consumers need to take extra steps to pay online to prove that they are who they say they are, and not a fraudster making a payment without authorisation. Specifically, it requires two-factor authentication (2FA), where a customer must provide two different forms of identification from different categories. these categories are:
Knowledge: something they know (a password, for example)
Inherence: something they are (a fingerprint, for example)
Possession: something they own (such as a mobile device)
SCA for open banking payments has been in place since 2018, making open banking a safe and secure service for consumers.
The introduction of SCA for card payments has progressed on a different timeline. The original SCA enforcement deadline was 14 September 2019, but several countries across the EEA announced delays or phased implementation.
For example:
In Germany, SCA has been enforced since 15 March 2021
In France, SCA came into full effect on 15 May 2021
In the UK, the deadline for full SCA implementation is 14 March 2022
Consumer protections
Finally, PSD2 is aimed at improving consumer protections by requiring timely complaint resolution, as well as more stringent reporting on fraud incidences and system downtime.
What is the implementation date for PSD2?
PSD2 was first proposed by the European Commission in July 2013. It eventually entered into force in January 2016. Crucially, PSD2 stated that new regulations must be implemented as law in local markets within the EEA by 13 January 2018.
The UK Government (HM Treasury) brought PSD2 into force in the UK in 2017 in the form of the Payment Services Regulations (PSRs).
What does PSD2 mean for businesses?
PSD2 affects all businesses providing payment services or accessing payment account data in the EEA, as well as those further afield with subsidiaries in the EEA.
PSD2 has paved the way for open banking, giving customers the right to access their payment accounts and initiate payments via third-party providers (TPPs). This gives businesses the opportunity to offer new products and services.
For businesses, open banking offers significant benefits including making online accounting easier, accelerating loan applications, helping you take payments and sign up your customers quickly and securely.
Open banking examples that we have already seen include:
Account aggregation (eg Sync)
Instant account funding (eg Trading 212)
Instant account and identify verification
Buying and selling goods online (eg selling your car with Cazoo)
Smart pension savings (eg Penfold)
Businesses that take payments online also need to comply with SCA. SCA is designed to reduce payment fraud, especially card-not-present fraud. While less fraud is obviously good news for businesses, SCA requires changes to your checkout or payment flow. There is concern that additional steps when a customer makes a purchase will lead to fewer conversions. This is a particular problem for card payments.
What does PSD2 mean for customers?
Customers stand to benefit in multiple ways from the introduction of PSD2. By allowing third parties to access a customer’s financial data (with their permission), customers will be able to aggregate their bank accounts and effectively see their entire financial picture in one place. Customers will be given more tailored recommendations on how to manage their money, including through budgeting apps, wealth management apps, auto-saving apps and much more.
As PSD2 leads to the growth of new payment methods, customers will be able to pay for goods and services in different ways. These new payment methods will benefit customers by making the experience easier and quicker.
And while the potential reduction in fraud with SCA will mainly benefit businesses, it should also increase consumer confidence when making payments online.
What’s the difference between PSD2 and open banking?
PSD2 is the EU law that has created a common legal framework across the European Economic Area (EEA). It aims to encourage competition and innovation in payments while improving security and preventing fraud.
However, PSD2 does not mandate exactly how this needs to happen in each country. Open Banking (capitalised) is the UK’s set of standards for its specific implementation of PSD2, as developed by the Open Banking Implementation Entity (OBIE). Open Banking is also the secure way to give third-party providers access to financial information, delivering the benefits of the PSD2 regulation in the UK.
Additionally, open banking (lower case), is often used as the generic term for PSD2 and a series of other laws and regulations around the world, which all share a similar aim of giving customers and businesses more access to financial data that was previously only available to banks.
Is TrueLayer regulated under PSD2?
TrueLayer is regulated under the PSD2 with permission to provide Account Information Services (AIS) and Payment Initiation Services (PIS). To find out more about how TrueLayer can businesses make the most of PSD2 and open banking, get in touch.