What is PSD2? Everything you need to know
Understand the fundamentals of PSD2 and how it affects you and your customers.
What is PSD2 in simple terms?PSD2 is an EU law that has paved the way for open banking. It gives customers the right to access their payment accounts and initiate payments via third parties. It also requires online payments to be compliant with Strong Customer Authentication (SCA), with the use of two-factor authentication (2FA). PSD2’s full name is the Revised Payment Services Directive, and it applies to the entire European Economic Area (EEA).
What is the purpose of PSD2?In short, the purpose of PSD2 is to increase competition in the payments industry, enable the growth of new payment methods, improve customer protections, and reduce fraud. Greater competition in the payments industryPreviously, only banks had the right to access the customer financial data they held. PSD2 allows regulated companies to access this data, as well as initiate payments, as long as they have the customer’s express consent. Under PSD2, third-party providers (TPPs) can offer Account Information Services (AIS) and/or Payment Initiation Services (PIS).In the UK, companies can offer AIS and/or PIS by becoming registered with the Financial Conduct Authority (FCA). Businesses can integrate open banking services into their products by partnering with a regulated TPP, without having to become regulated themselves. Reducing fraudPSD2 intends to reduce fraud by introducing Strong Customer Authentication (SCA). SCA means consumers need to take extra steps to pay online to prove that they are who they say they are, and not a fraudster making a payment without authorisation. Specifically, it requires two-factor authentication (2FA), where a customer must provide two different forms of identification from different categories. these categories are:
- Knowledge: something they know (a password, for example)
- Inherence: something they are (a fingerprint, for example)
- Possession: something they own (such as a mobile device)
- In Germany, SCA has been enforced since 15 March 2021
- In France, SCA came into full effect on 15 May 2021
- In the UK, the deadline for full SCA implementation is 14 March 2022
What is the implementation date for PSD2?PSD2 was first proposed by the European Commission in July 2013. It eventually entered into force in January 2016. Crucially, PSD2 stated that new regulations must be implemented as law in local markets within the EEA by 13 January 2018. The UK Government (HM Treasury) brought PSD2 into force in the UK in 2017 in the form of the Payment Services Regulations (PSRs).
What does PSD2 mean for businesses?PSD2 affects all businesses providing payment services or accessing payment account data in the EEA, as well as those further afield with subsidiaries in the EEA. PSD2 has paved the way for open banking, giving customers the right to access their payment accounts and initiate payments via third-party providers (TPPs). This gives businesses the opportunity to offer new products and services.For businesses, open banking offers significant benefits including making online accounting easier, accelerating loan applications, helping you take payments and sign up your customers quickly and securely.Open banking examples that we have already seen include:
- Account aggregation (eg Sync)
- Auto-saving and smart budgeting (eg Plum and Chip)
- Instant account funding (eg Trading 212)
- Instant account and identify verification (eg LeoVegas)
- Buying and selling goods online (eg selling your car with Cazoo)
- Smart pension savings (eg Penfold)