PSD2 in a nutshell
PSD2 (Revised Payment Service Directive) is a directive issued by the European Commission in order to fortify customer rights, facilitate competition in banking, and increase Internet payment safety via SCA (Strong Customer Authentication). The original European payment services directive came into force in 2007. The PSD2 directive expands considerably on the original version of PSD.
PSD2 in practical terms
The aim of the PSD2 regulation is to create open banking in the EEA, while ensuring online payment security based on defined rules. For the first time ever, this directive authorizes bank customers to use the services of third-party providers through open APIs. Rather than relying completely on traditional banking services, both customers and businesses can, under PSD2, manage finances more conveniently and affordably via a wider choice of third-party providers.
Customers will be able to use various fintech services to analyze their spending, pay bills, take loans or make transfers, while their money is deposited in their bank accounts. European banks are obligated to create a system of open APIs that provide access to customer accounts. Third-party providers are authorized to provide financial services while using bank data.
The deadline for all EU member states to enact PSD2 into national law was January 2018. Following the initial stage, two deadlines were stipulated:
- March 14, 2019
By March 14, 2019, all Account Servicing Payment Service Providers (ASPSPs) – which refers to any institution that provides and manages payment accounts – were supposed to have set up a testing or sandbox environment including APIs, support and documentation. The concept was to provide a six-month period to test authorising payment services before the final date of implementation.
If a financial institution is incapable of setting up secure APIs independently, it can partner with a technological network with readymade API portals.
- September 14, 2019
The final compliance deadline is mid-September of this year. At this stage, both SCA and access to accounts (XS2A) will be required. SCA is a crucial element, which obligates customers to authenticate themselves by combining two out of the three following options:
- Something you have – using a device only available to the customer (such as a cell phone)
- Something you know – unique information (such as a PIN) only available to the customer
- Something you are – physical evidence unique to yourself such as facial or voice recognition
Optimizing the purchasing process
While robust security is vital, it is no less important for the merchant to ensure a frictionless user experience. To facilitate the process, some operators are adopting behavioral biometrics, which uses machine learning to analyze a user’s unique typing cadence, finger pressure or other personal parameters in order to ensure continuous authentication behind the scenes.
Other ways for merchants to ensure smooth purchasing processes include the use of e-wallet payment methods (which already include two-factor authentication), integration with payment platforms that optimize payment processing, and developing user-friendly mobile apps for seamless shopping experiences.