Designed by the countries of the European Union, PSD2 is a revision of the Payment Services Directive (PSD). It is a European regulation for electronic payment services. It paves the path for EU-wide harmonization of online payments to facilitate greater security and reliability for payment transactions. PSD2 introduces two significant changes:
- Primarily, it requires banks to open bank data to third-party providers (TPPs), namely Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs).
- It introduces the Strong Customer Authentication (SCA) mandate that has increased the security requirement on electronic payments.
The introduction of PSD2 is seen as a banking revolution. It seeks to shape the future of fintech. PSD2 aims to drive innovation and has created an ecosystem that enables easy and secure data sharing between financial institutions, TPPs, and customers. PSD2 is a statutory framework, and the revised regulations simplify the standard banking operations for consumers, leading to the exclusion of middlemen. It defines pathways to improve consumer protection and reinforce security within the payments market, which is leading to the development of new methods of payment and eCommerce. If your business processes payments completed in the EU, you need to incorporate PSD2 compliance solutions.
PSD1 vs. PSD2
PSD1 created rules and guidelines that simplify and modernize payment services in the EU. However, within the ever-evolving marketing and financial ecosystem, PSD1 had various gaps and vulnerabilities, and it failed to promote the desired innovation, create competition, secure payments, and protect consumers. These shortcomings paved the path for the introduction of PSD2 as the revised Payment Services Directive. PSD2 leverages open APIs through which banks can securely expose customer data to TPPs, subject to the customers' consent.
PSD2 mainly incorporates the following changes:
- ‘One leg out’ transactions: These are transactions where a payment service provider is located outside the EU. PSD2 increases the scope of one-leg-out transactions. It also includes cross-border payments in foreign currencies, which PSD1 did not cover.
- Access to accounts (XS2A): Based on customers’ consent, PSD2 enables and regulates access to their accounts. The banks can thus provide TPPs secure access to customers’ banking data with permission.
- Preventing payment surcharges: PSD2 seeks to ban surcharges on certain card payments that consumers make for online transactions for certain sectors such as the travel and hospitality industries.
- Increased security for online payments: PSD2 has optimized security and robustly protects consumer information through SCA. It also adds a layer of authentication to check the growth of online remote payment fraud.
New Partners: PISP and AISP
Previously, since the collection and use of customers’ information were highly unregulated, it was difficult to trace which banking and non-banking entities were involved. Under PSD2, TPPs gain recognition through the introduction of two critical types of provider:
- PISP: It is the abbreviation for Payment Initiation Service Provider. PISPs are service providers that initiate payment on consumers’ behalf. They provide an online service for initiating payment orders at the request of the payment service user (PSU) for a particular payment account. It involves fewer parties, and the customer does not have to reveal the bank details when processing the payment.
- AISP: AISP stands for Account Information Service Provider. AISPs provide account information services as an online service. They are firms that have access to bank customers’ details. An AISP offers an overview of customers’ payment account details, enabling consumers to seamlessly navigate through the process.
PSD2 Strong Customer Authentication
PSD2 strong customer authentication (SCA) solutions require stakeholders to leverage at least two elements among “KHI”:
- K: Something that the customer knows, like a password or PIN code.
- H: Something that a customer has, like a mobile phone or a token generator.
- I: Something that a customer is, like biometric identification data.
Does PSD2 apply to all transactions?
Not all transactions come under the purview of PSD2. Some specific highlights include the following:
- PSD2 applies to one-time transactions. It also includes the initial sign-up transaction for a subscription, processed through credit cards and other payment methods.
- Most alternative payment methods like Apple Pay, Amazon Pay, and PayPal are already PSD2-compliant. They effectively meet the SCA requirements. Cash payments, however, are exempt from PSD2 requirements.
- PSD2 is not applicable to Merchant-Initiated Transactions (MIT), like recurring subscription charges.
How can your business prepare for PSD2?
- Start Implementing MFA: Multi-factor Authentication (MFA) is a core aspect of PSD2. Thus, ensure that you integrate it into your apps, services, and platforms.
- Audit Your EU Operations: It will help you effectively align to PSD2 compliance. Implement MFA and complaint response processes to adhere to PSD2.
- Optimize Anti-fraud Efforts: Ensure that you are boosting your anti-fraud measures. Incorporate additional measures such as strong firewalls and conduct penetration testing. Integrate PCI compliance for enhanced protection.
These are a few things you should know about PSD2. It seeks to optimize innovation and break away from the current banking monopoly. It is effectively leveling the playing field for payment service providers, encouraging lower prices for payments, and making payments more secure.