The second payment services directive, also known as PSD2, is a regulation for electronic payment services in Europe. Its primary goals are to make payments in Europe more secure, enhance innovations in the payment sector, and help banking services employ new technologies.
This guide will explain what PSD2 is and what it means for merchants and their clients by listing the benefits of the regulations. It will also look into PSD2 compliance and regulations and explain the difference between PSD2 and open banking.
Let’s start by explaining the main terms used in relation to the revised directive.
What is PSD2?
PSD2 is an updated version of the PSD regulation, which was introduced in 2007 and created a single market for payments across the European Union (EU). The revised directive ensures that payment service providers improve the security for client authentication and brings in new regulations for third-party involvement in the payment process.
What is payment initiation service (PIS)?
Payment initiation service (PIS), in simple terms, is online payments. It covers the process of entering banking details to complete an order.
Since the introduction of PSD2, banks must open their consumers’ data to authorised third parties - financial institutions. This enables more companies to enter the market and provide payment initiation services. These companies are payment initiation service providers (PISPs).
The PISPs are the intermediaries between banking institutions and merchants. They enable direct transfers from the payer’s bank account to the merchant by using application programming interfaces (APIs) provided by the payer’s bank. The process is only possible with the payer’s permission.
What is an account information service (AIS)?
The account information service (AIS) is an essential part of PSD2 that enables companies and consumers to open up their data to authorised third-party service providers.
Account information service providers (AISPs) are financial institutions that have access to consumers' account information from their banks with explicit consumer consent. AISPs have access to data such as transactions, direct debits, account balances, standing orders, and others. All this data provides a global view of a consumer’s financial stand in a single place.
What is the purpose of PSD2?
The purpose of PSD2 is to make digital payments safer and altogether to improve the current state of European banking services for their clients. Here are the main PSD2 objectives:
- Safer payments;
- Better consumer protection;
- Fostering innovation;
- Creating a fair competition for new industry players.
Are PSD2 and open banking the same?
PSD2 and open banking are not the same. Essentially, PSD2 is a regulation that enables open banking implementation in the European Union and European Economic Area (EEA). You can find out more about open banking in our extensive guide.
What is PSD2 compliance?
To comply with PSD2, financial institutions need to meet a list of requirements. PSD2 compliance applies to companies that deal with electronic financial services, including mobile payments. The PSD2 requirements differ depending on the business focus. There are two main types of businesses that must meet PSD2 requirements:
- Financial service providers or third-party providers;
- Banks and account-holding institutions.
The requirements for these businesses are listed in the following section.
What are PSD2 requirements?
PSD2 requirements apply to financial institutions that provide electronic financial services. There are two types of financial institutions that must meet different PSD2 requirements. We’ll explain the requirements for each type of financial institution.
PSD2 requirements for third-party service providers:
- Acquire a PISP or AISP licence;
- Implement a customer identity and access management (CIAM) solution that enables facilitating:
- Strong customer authentication (SCA);
- Know your customer (KYC);
- Identity proofing;
- Build secure applications that feature explicit user consent and fine-grained access control (a method that controls who can access specific data).
PSD2 requirements for banks and account-holding institutions:
- Implement a solution for consumer identity and access management (IAM for internal, employee identities, or CIAM for consumer identities), such as SCA;
- Create application programming interfaces (APIs) that allow authorised third parties to access transactional payment data. The APIs must provide fine-grained access control, support real-time access, and provide access to account (XS2A).
PSD2 strong customer authentication (SCA) regulation
One of the main goals of PSD2 is to enhance consumer protection and reduce fraud. To achieve this goal, PSD2 enforced strong customer authentication (SCA) implementation.
SCA aims to improve security without compromising the customer experience. It promotes secure authentication without introducing complicated steps that would create friction in the payment process.
The key enabler of SCA is two-factor authentication (2FA). Consumers must provide two out of three possible independent factors to prove their identity. The three factors are:
- Something a consumer owns (i.e. a mobile phone or a tablet);
- Something a consumer knows (i.e. a PIN code);
- Something a consumer is (i.e. a fingerprint).
Some transactions are exempt from authentication, such as low-value payments or recurring transactions. The exemption also applies when users choose to make a temporary exception for a merchant they often make purchases from.
Benefits of PSD2
PSD2 benefits both merchants and consumers. Most advantages revolve around enhanced security and improved payment flow, but there are more benefits:
PSD2 benefits for consumers
Improved payment experience — one of the PSD2 objectives is to bring more innovation to the financial sector. This enables fintech companies to step into the market with new solutions that reduce friction and improve the checkout experience.
Enhanced security — reducing fraud and providing more transparency are two of the key goals of PSD2. SCA is required for all e-commerce transactions, ensuring as little space for financial fraud as possible. Payment service providers also take action to reduce fraud by implementing robust security features.
More choices — PSD2 opens the door for more financial providers to join the market, which means more payment options for consumers. New players create a competitive environment for the traditional banking system. Financial institutions are forced to review their prices and improve services to keep their existing clients.
PSD2 benefits for merchants
More information about consumers — if needed, merchants can receive financial information about their potential customers and use it for risk assessment. For example, AISPs can provide this information to loan companies.
Flexible payment options — PSD2 gives merchants an opportunity to offer more payment methods to their customers. Offering a range of payment options can increase client retention rates and lower abandoned carts.
Reduced fraud — reduced fraud in the e-commerce industry increases client trust. Clients may be reluctant to make large purchases from small companies if their payment system doesn't look trustworthy. Partnering with reliable online payment gateway providers may solve this problem.
The revised payment services directive aims to improve European payment services. Its goal is to reduce payment fraud and improve the consumer checkout experience. The directive helps create a payment ecosystem where traditional banking institutions and approved third-party service providers can conveniently exchange information for the benefit of consumers.
PSD2 has brought new players into the market - licensed third-party service providers. Just like traditional banks, the third-party providers have to comply with PSD2 requirements. One of those requirements is SCA, or strong customer authentication, which has introduced the world to a new type of online authentication method, two-factor authentication.
The directive brings new opportunities to both consumers and merchants by ensuring enhanced payment security and improved customer payment experience. The benefits also include introducing more payment options for buyers and providing merchants with more information about their consumers.
kevin. is an excellent example of what payment solutions PISPs can offer thanks to the PSD2. Companies can now enjoy secure and quick payments that allow them to save on card transaction fees. Find out how uniPark implemented kevin. payment infrastructure to offer their clients secure and cost-effective parking payments.