PSD2 revision: The Next Chapter of Payment Services

29 / 09 / 2023

As explained by Wolf Kunisch, Head of Group Strategy, Public & Regulatory at Worldline, June 2023 marked a pivotal moment in the evolution of the European framework. And as Europe’s leading payment company, Worldline welcomes these developments.

One of the major regulatory evolutions within the European framework is the revision of the Second Payment Services Directive (PSD2 revision), with a proposal published in June this year.

What is the history of this directive?

The Second Payment Services Directive (PSD2) was released in 2015 (and implemented in 2019) by the European Commission with three main objectives:

  • To foster innovation in the payment industry,
  • To protect consumers and their transactions from fraud,
  • To support competition in retail payments.

Following this directive, major new topics were integrated such as the notion of Strong Customer Authentication (SCA) to secure all sensitive operations (online payment where the card is not present, access to accounts, and all use cases susceptible to fraud) through the use of two different authentication factors (possession, knowledge and inherence). Another significant topic was found in the “Access to Account” provisions, which required banks to provide easy and reliable access interfaces to licensed third parties, meaning banks had to embrace new technologies.

The European Commission launched a public consultation to gather assessments and conclusions regarding PSD2. Four problems were identified:

  1. Security risks : users continue to be exposed to fraud risk and to a limited choice of payment services,
  2. Obstacles in the open banking sectors,
  3. A gap between banks and non-bank PSPs,
  4. A fragmented European market.

A revision of the directive was therefore deemed necessary to address these challenges. In June 2022, the European Banking Authority (EBA) published a formal opinion with several amendments for the PSD2 revision such as:

  • Addressing new security risks (such as social engineering),
  • Ensuring no exclusion of user groups for SCA
  • Clarifying authentication delegation rules and the nature of exemptions

PSD2 revision

One year later, on 28 June 2023, the European Commission published its proposal for a PSD2 revision (link : https://finance.ec.europa.eu/publications/financial-data-access-and-payments-package_en).

This PSD2 revision proposal is divided into three components:

  • PSD3: a European Directive that needs to be transposed into the national laws of European Member States. It provides rules for the authorisation of payment institutions, but implementation varies across countries.
  • PSR: a European Regulation that applies directly in Member States without the need for national implementation. It creates an unified legal framework for payment operations across the European Economic Area.
  • FIDA : Financial Data Access and Payment is a legislative proposal for a framework for financial data access. It provides clarification on the rights and obligations for data sharing.

What are the different stages of this revision ?

This revision will inevitably impact banks and the current market. Nevertheless, it should be emphasised that PSD2 revision is currently in the proposal stage. Some elements may change and will be clarified with the Regulatory Technical Standards (RTS). Worldline, as a payment company, is preparing for these upcoming changes.

We will be publishing three more blogs to highlight the changes and how Worldline will support you during this transition.

The second blog is already available ! Exploring the effects of PSD2 revision on the Authentication & Security framework right here: Exploring the effects of PSD2 revision on the Authentication & Security framework.


Glossary:

Payment Services Directive X (PSDX): a directive aimed at regulating payment services and payment service providers in the European Union.

Payment Services Regulation (PSR): A regulation resulting from the revision of PSD2,dealing with the rules and obligations around payments.

Financial Data Access (FIDA): A framework that establishes rights and obligations for managing customer data sharing in the financial sector.

European Banking Authority (EBA): A supervisory authority (one of three) contributing to technical standards related to banking.

Regulatory Technical Standards (RTS) : Technical definitions and specifications, brought by an European Supervisory Authority, on top of a legislation.

 

Cassandra Neron

Product Marketing Manager, Authentication Services, Worldline

Find out more