Payment Services Directive 2 (PSD2)
What Is PSD2?
Payment Services Directive 2, abbreviated PSD2, is an EU Directive that is designed to better regulate payment processes throughout the European Union (EU) and European Economic Area (EEA).
PSD2 was administered by the European Commission Directorate as a successor service to the Payment Services Directive (1). It is a revision of PSD 1 and as such bring a number of new changes to the payments industry.
PSD2 and its predecessor PSD 1 both started out as directives created by the Single Euro Payments Area (SEPA). SEPA itself is a self-regulatory initiative created by the European banking sector with the express purpose of defining the harmonization of payment products, infrastructures, and technical standards throughout the European Union.
Represented by the European Payments Council, PSD 1 and 2 were both designed to provide a legal framework from which all payment service operators operate.
Payment Services Directive 2 is designed to increase pan-European competition and harmonize consumer protection and secure the rights and obligations or payment uses and providers. The end result of these pan-European reforms is a more level and consumer-friendly economic environment.
PSD2 is designed to provide greater cooperation between payment providers and their customers. As such, the PSD2 is structurally split into two main sections, each designed to accomplish this goal.
Section 1 of PSD2 creates market rules that describe the type of organizations that are allowed to provide payment services. Alongside credit institutions, PSD2 allows for electronic money institutions (created by the E-Money Directive in 2000), and creates a new category, called ‘Payment Institutions’.
Under Section 1, PSD2 allows for organizations that are neither of the above to apply for authorization as an independent payment institution provided that they meet specific capital and risk management requirements
PSD2 allows for such an application to be made within any EU country and also allows for a payment institution to transfer or ‘passport’ their services into all other EU member countries without needing additional payment institution requirements.
Under Section 2 of PSD2, business conduct rules are specified. Specifically, Section 2 outlines and defines the level of transparency of information that payment service institutions must provide. This includes, but is not limited to, any charges, exchange rates, transaction references, and maximum execution time.
Section 2 also outlines the rights and obligations of both payment service providers and their users. Specifically, it defines how to authorize and execute transactions, stipulates liability in the event of any unauthorized use of payment services by either party, explains the payment orders and refund process, and affirms the value dating of payments.
As a result of the sweeping changes made by PSD2, European consumers now have access to a more competitive, innovative, and secure payment services market. PSD2 brings revolutionary new ways for people all across the European Union to pay for things online.
What this means is that PSD2 has broken the bank’s monopoly on its users’ data. Merchant businesses like Amazon can now retrieve your account information from your bank (with your permission).
When you make a purchase online, Amazon or another authorized vendor can make the payment for you without needing to redirect you to another service, such as PayPal or Visa.
You won’t have to enter in your credit card information on another website, wasting your time and potentially risking your security. Under PSD2, payment service providers (like Amazon) will also be required to provide stronger identity checks when making online payments, especially if high-value transactions are being made.
If you have more than one bank account, PSD2 will allow businesses (called Account Information Service Providers in PSD2’s legislation) to display all of your account information in a single place to easier manage and track your financial information. This is similar to services like Mint that are enjoyed by U.S. consumers.
Another benefit that PSD2 brings to the table is the prohibition of non-transparent payment methods for international payments. In the past, banks often hid costs in the form of poor exchange rates.
These exchange rates are much lower than the mid-market rate that you would find on Google, for instance. In addition to this, payment providers will often only provide information about upfront fees -- either in the form of a fixed fee or a percentage of the transfer amount for currency exchanges.
This has had the nasty effect of surprising people in the process of currency exchange with an exchange rate that they are not used to or wasn’t informed of. To prevent this, PSD2 is designed to provide consumers real and accurate information about the costs and charges that come with the international money transfer.
Besides benefitting European consumers, PSD2 also aims to fix the payment market and open it up to competition. According to a press release issued by the European Union, the EU’s payment services market is extremely fragmented and costs the EU more than $147 billion dollars every year -- roughly equivalent to 1% of the EU’s GDP.
Over the years, a number of new Payment Service Providers (PSPs) have sprung up, created by various financial technology companies.
PSD2 aims to cover these new PSPs and the services they provide. In doing so, it provides EU consumers access to a market that is far more competitive, consumer-friendly, innovative, secure, and stable.
PSD2 Compliance And Issues
The development and implementation of PSD2 is something that has generally been accepted by PSPs and the EU -- although it has received plenty of criticism and reservations.
For example, Visa Directive, a company that represents more than 3,700 European banks and payment providers, has been vocal about their criticism.
Specifically, they feel that telecommunications providers should not be exempt from the stipulations imposed by PSD2. This, they feel, is because of the role that these companies play in processing mobile payments. Because of how much data we keep and have access to on smartphones, this raises obvious security and privacy concerns.
In addition to this, a number of EU countries -- Slovakia, Estonia, and the United Kingdom -- have decided to refuse to comply with EBA guidelines.
These guidelines were measures created by the European Banking Authority to act in the place of PSD2, which did not fully come into effect until 2018/2019.
The UK has authorized the Financial Conduct Authority (FCA) to represent its interests on the matter and has said that the UK cannot comply because it lacks the authority to force PSPs to follow EBA guidelines.
Since the EBA guidelines were designed to act as a stand-in for PSD2, many of the regulations EBA implements are identical to that of PSD2’s.
This effectively means that, by extension, these countries are also not in compliance with the now-existing PSD2 guidelines.
On a related note, many measures that PSD2 introduces have been introduced elsewhere in the world -- mainly the United States. In the United States, the Dodd-Frank Wall Street Reforms and the Consumer Protection Act were enacted to protect consumer rights after the 2008 financial crisis.
Included in these acts are, among other things, are regulations for liability limits, fee disclosures and other stipulations enacted to protect consumers -- similar to PSD2.
To speak further of the importance of PSD2 and its new and game-changing rules, President of Western Union Business Solutions Kerry Agiasotis had some words about the difficulties that were alleviated by them.
“Moving money around the world is becoming increasingly challenging. If you think about global banking systems and the fast pace at which regulation is changing, this is building onto the problems that already exist.”.
What this implies is that the choices offered to consumers via PSD2 allow further innovation from financial technology companies.
It encourages further competition and thus benefits both consumers and payment service providers like PayPal, Visa, Mastercard, Skrill, and much more.
Peter Burridge, President and Chief Commercial Officer of Hyperwallet (a global payment provider) had this to say about PSD2:
“Choice means that people can get paid. When you look at different industries they have different relationships with payees, some of which are very concerned about the global payment experience.”.
Mr. Burridge’s words suggest support for PSD2 by PSPs and Financial Technology companies all over the world - not just those centered in the EU.
Many countries in the EU have adopted and implemented the rules of PSD2 into their national legal system since its inception.
It is felt by many EU countries -- and even countries outside the EU that maintain strong ties with them -- that the changes made by PSD2 will revolutionize the banking and payment industry, and that the coming changes will benefit everyone.
However, there still remains some issues that affect PSD2. For starters, PSD2, as the article implies, only affects countries and payments made within the European Economic Area. It does not apply to transactions made with third world countries.
Secondly, PSD2 allows for a number of exceptions to payment activities that leave consumers unprotected in certain instances.
PSD2 also has many stipulations and flaws that can be exploited by merchants and third-party PSPs. For instance, PSD2 allows for the option for merchants to charge a fee or give rebates.
This, combined with options available for countries to limit these options, has lead to an extreme heterogeneity in the payment market.
Despite these flaws, however, the many benefits and sweeping changes that PSD2 makes and improves over PSD 1 is seen as a positive.
Many countries within the EU -- and many first-world countries tied to it -- see PSD2 as a major game changer to the online payment market and is set to benefit banks, PSPs, and consumers alike in new an innovative ways.
Ready for the next step?
Ensure that every solution you use is safe, secure and compliant with ever-changing GDPR, PSD2 and other personal data standards and regulations. Our authentication solutions take care of that for you.