It is more than four years since PSD was introduced in Europe. The final implementation took place earlier this year. All Member States of the European Union are expected to have implemented the new and revised payment services directives. PSD2 is the second payment services directive and the implementation was scheduled to take place by 13th January 2018, the directive is an important piece of the payment puzzle that affects legislation in the European countries. According to PSD2, all payment service providers are expected to make significant changes to their existing operations. PSD2 was the final product that was released after a review was done on the original PSD.
But then what exactly is PSD2?
What is Payment Service Directive 2?
PSD2 can be simply described as the revised version of the initial PSD adopted by the European Parliament. The main objective of this new directive was to help in streamlining the payment processing systems that were previously operated in Europe when carrying out any given financial transaction. This was to be done by coming up with uniform legislation and allowing for new competition in the Financial Institutions market. The European Union market was expected to benefit from new competition. The extra benefits of the 2007 directive would include reduction of costs and the stimulation of the genetic sector, hence benefiting the nontraditional financial institutions and startups in the process.
PSD2 Improvement of the PSD and SEPA
Close to seven years after the introduction of the first PSD, the European Parliament decided came up with PSD2 in 2013. This new move was initiated by the growing changes that the European financial market was experiencing. The changes that had occurred in the past decade had made the PSD become obsolete hence the need for an upgrade was important. The new millennium saw the introduction of PSD2 and so adjustments had to be made that affected the rules and regulations. The new changes were made to be more accommodating to the increased number of online financial transactions. The use of the internet as a medium of financial transactions had become more common and the mobile payment systems were used compared to the traditional means of making any money transaction. Mobile payment systems were also considered to be points of sale were gaining more popularity among the European states. If you look back at the PSD2 timeline you will see the following progress of the PSD2:
- 2013: The European Commission proposed a review of the current PSD and the ECB’s recommendations for e-payment.
- 2014: Preparations for PSD2 began. The EBA’s guidelines for e-payments were also introduced.
- 2015: the European Union Parliament agreed to the revised directive of the PSD and come up with PSD2.
- 2016: The new EBA’s technical PSD2 recommendations are finalized.
- 2017: the law to be adopted by the Member states of the EU.
13th January 2018 was the date for the final implementation of the PSD2. The member states of the European Union had been given 2 years, from the 12th of January 2016 to begin the implementation of PSD2 in their states. The PSD2 is also a minor extension of the SEPA (The European Union’s Single Euro Payment Area). Countries like Switzerland and Norway would be left out. Financial institutions and fintech’s will follow the topic closely, however, each will a have a different and unique perspective from the other.
The creation of one market for payments and hence a stronger legal foundation for SEPA was the main objective of PSD and PSD2. Thanks to the major improvements that have been experienced in online and mobile banking, the use of technological innovations made transactions super-fast. Thanks to these improvements in technology and digitization, more companies have come up with new services that facilitate efficient transactions both online and mobile. The only challenge that arose due to all these major changes is that many of these companies were not within the scope of the previous PSD and hence could not be legally regulated by the European Union. When PSD2 was suggested it was to improve on the security of transactions and prevent cases of fraud. PSD2 was brought about to foster competition and innovation among the European Market, hence ensuring there is healthy competition by creating a level playing field for everyone, the old players, the prospective players, and the new players.
This means PSD2 was to bring about the transformation of the European Market from being a single market to a Digital European Single Market. Below is a summary of the objectives of the PSD2 directive.
- Provide the European market with a payment system that is more efficient and integrated at the same time.
- Offer all the payment service providers in the European Market as a level playing field.
- Promote the use and development of innovative and updated mobile and online payment services.
- Make all payment transactions more secure and safer.
- Offer consumers with additional protection from scams and frauds.
- Promote reduced charges on processing payments.
In order to make sure the above objectives of PSD2 were met, the European Payments Council had to make some important changes that were to be implemented by this new legislation. The changes were to affect all the member states of the European Union and had to be implemented between January 12th, 2016 and January 13th 2018. Below are some of the changes that the European market is facing thanks to the new PSD2 legislation.
- New players and new competition
With this new PSD2 legislation the European Union has removedl the barriers in the financial market that affected the entry of new players, hence welcoming a more healthy competition between the new technology services and the banks that are well established. The objective of this change is that consumers in the near future will have the opportunity to view their bills, bank accounts, and the payment’s account all in one single place. Something like an API (Application Programming Interface). This would be achieved through third party service providers. This will also have to involve the payment account holder’s opinion, the customer can only view the details of the payment account if the payment holder gives his/her consent prior to the transaction. The new players will also have a chance to access all the aforementioned accounts in the new legislation (also prior to the consent of the concerned parties) and hence make payments on behalf of their clients using credit transfers. According to analysts and experts, this could turn out to be very revolutionary. In the past any new player in the game had to look for a license that was close to impossible to get, most of the times these licenses were held by the credit institutions like the banks. With PSD2 law in place, it means the process will be streamlined, especially for the new companies planning to enter the market and hence give them an equal chance to compete with the other new players and the also the other established financial institutions present in the European market.
- Increased security
PSD2 brings an increased and improved SCA (Strong Customer Authentication) system that has been implemented in all the member states of the EU. The SCA system is meant to improve the security and hence lower the risk of consumers and buyers from suffering from any incidents of frauds or scams. With this new SCA system, it simply means that when users will be accessing their accounts or data, they will be provided with additional independent actions that are meant to enhance their protection. This enhanced actions provided to the users will be:
- Knowledge: this is something only known to the user like a secret password or PIN.
- Possession: this is something that only the user possesses (card, ID or any other thing).
- Inherence: something that is physically part of the user (voice, facial recognition or a fingerprint).
- For the remote payment transactions (mobile or internet), an authentication code that is unique will dynamically be used to link transactions being done between the payee and the respective amount.
All the above four elements have to be implemented every time the user will be making payments exceeding a given amount of money (of course, unless the beneficiary of the payment is already verified by the payment system). Using the four elements will also be applicable for all the first time users when accessing their payment accounts and will continue for the next 90 days.
- The European Union-wide and beyond
Thanks to the PSD2 law, there will be increased coverage with regards to payment processing in the European Market. In case one of the parties involved in the transaction is not located in one of the member states of the European Union, then there is no need to worry as the transaction will still be under the scope of the PSD2. The transaction will still have to follow the laws in the PSD2 which involves: use of official currencies, which excluded all cryptocurrencies, aiming to provide as much information as possible to the consumer and offering maximum protection to the European party involved in the transaction. PSD2 will allow a wider coverage of transactions that go beyond the coverage of the European Union.
- What About Refunds?
As from the 13th of January 2018, payment transactions in all the member states of the EU will have a new refund policy. Parties involved in a transaction have an unconditional legal right of refund for all the Direct Debits for a maximum period of 8 weeks after the payment has been made. After the stipulated time elapses, then requesting a refund will now be a formal legal requirement. The refund policy already applied to the (EPC SDD) European Payments Council SEPA Direct Debit payment scheme.
- The Surcharging ban
There will be no more surcharging which affected card payments. The surcharge has been banned under the new PSD2 law and the ban is applicable to all card payments which are subject to any interchange fees caps that are set under the current Interchange Fee Regulation.
- What of the Unauthorised payments?
When looking at the unauthorized payment, consumers are not required to pay a maximum of €50 unlike in the past when they paid €150 in order to perform any unauthorized payments. This doesn’t apply to cases of gross negligence and fraud.
- No Screen scrapping
With the new PSD2 law, there will be no screen scrapping. This was a service that had been previously used by the third party service providers in accessing the user account data via HTML and hence utilize that data for their own use. However, if you are using bank feeds and still want to enjoy the screen scraping system and technology you will be required by the new PSD2 law to register for a direct feed from an established bank.
These are the major changes that are being experienced since the implementation deadline for PSD2 passed. You can read more on the available PSD2 literature that is available online for a deeper understanding of the new system, the European Payments Council, Payments UK and the FCA.