What is PSD2?
In 2015, the European Parliament adopted the European Commission’s proposal for safer and more innovative European payments, to replace the Payment Services Directive (PSD), implemented in 2009.
The new rules provide improved consumer protection when paying online, while also promoting the development and use of innovative online and mobile payments, making open banking safe.
PSD2 has the potential to fundamentally change the way we bank in the near future. It establishes two directions for open banking:
- Better security for online payments by strengthening consumer protection and security requirements for companies providing payment services in the EU. This means that every Payment Service Provider (PSP) will have to apply multifactor authentication for all electronic transactions above 30 EUR (with some exceptions – we’ll cover these).
- More freedom when choosing with whom to bank by opening the EU payments market to innovation and competition – Open banking. This means that every bank has to provide access to client accounts to third-party providers – of course, with the client’s consent. Banks will have to give access for the following services:
- balance and transaction information
- initiate payments from a client’s bank account
- check the availability of funds
PSD2 will affect every business operating on the European payments market – and any company providing payment services in the EU will have to be PSD2 compliant.
Right now, online retailers are spending 8% of their annual revenue on fraud management and prevention, according to a new study from the research consulting firm Javelin Strategy and Research.
In this environment, it is important to have strong customer payment authentication, especially when we consider the growth of online purchases. How fast are online purchases growing? Well, Shopify research predicts a 246% increase in global e-commerce sales – that’s up from $1.3 trillion in 2014 to an expected $4.5 trillion in 2021.
The area of PSD2 that deals with security is governed by the Secure Customer Authentication (SCA) rules. SCA requires that banks use multifactor customer authentication for electronic transactions. This means that, in the future, if a customer wants to pay for something online, they won’t be able to use “one-click checkout”.
Instead, customers will have to confirm every transaction over €30 EUR using a multifactor authentication method, such as Two-factor authentication (2FA). However, depending on a company’s fraud prevention score and its ratio, it can be possible to exclude transactions valued up to €500 EUR from SCA requirements. This is shown in the table, below.
|Exemption Threshold Value||Remote Card-Based Payments|
|€250||0.01 – 0.06|
|€100||0.06 – 0.13|
|€0 – €30||Exempt|
So, if a bank has a fraud ratio between 0.01 and 0.06, then transactions of up to €250 EUR will be exempt from SCA requirements. Or, from the customer perspective – customers will not need to perform two-factor authentication for these transactions.
Like we said – the SCA will help keep client accounts secure, but this will come at the cost of user experience. SCA-mandated customer authentication will need to be offered over commonly used 2FA channels (SMS, voice, chat apps, push and in-app notifications). Used wisely, this can help to reduce some of the friction caused by diminished UX.
Push notifications are a great way to provide maximum security with minimal friction in a PSD2 world. Customers are able to authorize transactions by simply pressing “Yes,” while the transaction complies to PSD2 requirements.
What is Open Banking?
We explained that one of the novelties of PSD2 is that it will enable bank clients to use third-party providers to manage their finances. This means that in the near future, clients could be using Google or AliExpress to pay their bills over their domestic bank account.
This is what we mean by “open banking.” Open banking works by having each bank expose their APIs to third-party providers, who can then build financial services on top of banks’ data and infrastructure.
Open banking means that customers will be able to make peer-to-peer transfers via third-party apps that are independent of their banks. And they’ll be able to use these apps to track their spending while keeping their money in their regular bank accounts. Banks for their part will be obligated to provide these third parties with access to customers accounts through open application program interfaces (APIs).
Tech leaders (think Google, Amazon, Facebook, and Apple) will be competing with banks on their home turf. And while big tech will be fierce competitors with their billions of users, banks will retain certain advantages. Primary among these are banks’ established reputations and customer bases. Of course, nobody expects certain bank client behaviors, such as seeking mortgage advice and financial planning in-branch, to change.
Customers are demanding a better customer experience, however, and thanks to the EU banking directive, this could go global. India is close behind the EU with similar regulations, with Canada and Mexico likely to follow. This means that open banking is something that is sure to impact the global banking environment.
How will Open Banking look with Big Tech?
Think of it like this: you’re browsing something on AliExpress. You find exactly what you’re looking for, but it costs $5,000 USD. You just don’t have that money on hand. But AliExpress is connected to your bank account (of course, you consent to connect your bank account to AliExpress), and thanks to this they know you’re eligible for a loan. With this knowledge, AliExpress can offer you a loan to buy the perfect item you just found but thought you couldn’t afford.
Banks are facing some challenges with open banking, with new players potentially entering the banking arena. Third parties will be able to build financial services on top of banks’ data and infrastructure.
In an open banking ecosystem, messaging will play a key role in maintaining and creating relationships with banking clients, informing clients about any changes, and transparently communicating all matters related to them.
To sum it up, with all the changes PSD2 will introduce to the EU financial market, one thing is certain: clients will profit from increased security, and new competitors will improve the quality of banking services.
To learn more about PSD2 and how technology can improve customer experiences, download our free white paper: Be PSD2 Compliant: 2FA for Strong Customer Authentication.