PSD2 is Here. Here’s What You Need to Know.
No policy change coming in 2018 promises to disrupt the payments industry more than the Revised Payment Services Directive, or PSD2.
The EU directive, which took effect on the 13th January 2018, opens a world of new opportunities for consumers and businesses. But like any major policy change, there’s a lot of uncertainty involved.
Let’s delve into the new PSD2 and see what benefits—and new vulnerabilities—you should expect.
The PSD2: Explained
The Revised Payment Services Directive is a proposal adopted by the European Parliament in October 2015. Under the new rules, both consumers and businesses operating in the EU will be able to use third-party services to fill many of the roles previously restricted only to banks.
Players like Facebook and Google, for example, are now free to offer services like integrated bill pay, funds transfers, and analytics. Banks and card schemes are no longer insulated from competition with PSD2 in place; the field is open to any entity willing to offer financial services.
The European Commission drafted the PSD2 protocol with three specific goals in mind:
The Revised Payment Services Directive promises to simplify commerce and banking online. This sounds good, but we must ask: can there be unintended negative consequences?
The PSD2 introduces opportunities for new payment initiation service providers (PISPs) to bring products to market. With PISPs, consumers have the option to make payments direct from their bank accounts, rather than using a credit or debit card as an intermediary. Many hail this as an opportunity to upend the card schemes’ dominance over payments and open the market to greater competition, but it also introduces new uncertainties:
When consumers use their credit or debit card, they are protected by the card schemes as they have effective chargeback programs in place. When transactions are processed using PISPs, theses transactions will be treated as money transfers which means this card scheme protection will not be available. If PISPs cannot provide the same level of protection on payment cards, consumers confidence will be shaken.
PSD2 also mandates that online payments employ 2-factor authentication. While experts have advocated for adopting 2-factor authentication tools like biometrics for years, it’s not as simple as it looks.
The European Banking Authority suggests that their regulatory technical standards should be viewed as formal guidelines for implementing these tools. But the final draft of these standards will not be published until the end of 2018. The gap between the beginning of PSD2’s adoption and the finalizing of regulatory standards creates a gap for criminals looking to take advantage of inconsistent policies.
The regulatory standards also mean merchants won’t be able to implement customised fraud prevention tools based on personal risk assessment. In terms of security, the standards prescribe what a merchant must have…regardless of whether they need it or not.
A Trident of Change in Europe
Download our FREE WHITEPAPER to understand how to turn the challenges that come with the Digital Single Market (DSM), the Revised Payments Services Directive (PSD2) and the General Data Protection Regulation (GDPR) to your advantage.
Effect on Non-EU Merchants
“So what?” you may be asking, “I operate outside the EU.” Be prepared: the PSD2 will affect your business, no matter which side of the pond you call home.
These standards still apply to so-called “one-leg transactions,” or transactions in which at least one party is in the EU. Thus, merchants in North America will need to abide by these rules if they want to do business with consumers in EU member states.
Positive Change, but Uncertain Adoption
Overall, the PSD2 is a positive step forward for global eCommerce; the directive promises to improve and standardise security across the board, and to promote greater innovation and competition. However, the scope of this policy update still leaves us with uncertainties.
Rational and well-intentioned revisions can often have negative consequences. Think how EMV adoption in the US led to a surge of post-EMV chargebacks for eCommerce retailers, or how the Digital Single Market threatens to turn Europe into a “walled garden” for eCommerce.
There will still need to be a consumer fraud protection mechanism in place under PSD2. It’s not clear yet whether that means adopting existing chargeback policy to a post-PSD2 environment, or creating a new consumer protection practice. Either way, we recommend that you insulate yourself against any potential negative ramifications from this update; that way, you can enjoy the added benefits of widespread standardisation, without any of the risk. Click below to find out how.