Do You Know the PSD2?

Big Changes to This EU Rule Could Affect Consumers Around the World

The Revised Payments Services Directive—also known as PSD2—is a new law set to take effect in the EU in September 2019. The PSD2 has two key components.

It mandates:

  • Strong customer authentication (SCA) requirements for online transactions.
  • Banks and financial institutions must give third-party payment services providers access to consumer accounts (with consumer consent).

What does that mean, though? Even more important, how will this new rule impact the business environment outside of Europe? Let’s take a closer look and see how the new PSD2 may change the game for consumers, banks, and retailers.

PSD2: Explained

The Revised Payment Services Directive is a proposal first adopted by the European Parliament in October 2015. The rule essentially lets third-party services operating in the EU fill many of the roles previously restricted only to banks. This opens up new options for consumers when deciding how and where to manage their money.

Facebook and Google, for example, are now free to offer services like integrated bill pay, funds transfers, and analytics. This exposes banks, as well as the card schemes like Visa and Mastercard, to more competition. The PSD2 has three stated goals:

  1. Improve consumer protections in online payments.
  2. Promote greater innovation, more options, and better service for EU citizens.
  3. Make cross-border payments more secure.

Of course, lawmakers didn’t undertake this process lightly. Companies outside the traditional finance sector who want to take on payments and finance roles need to comply with strong customer authentication rules and higher data security standards.

Potential Problems with PSD2

As the old saying goes: “the best laid plans often go awry.” Even if PSD2 is a positive step forward and a great innovation for the marketplace, there could still be negative ramifications, confusion, and uncertainty involved.

New players who want to get into the payments industry are described in the law as payment initiation service providers (PISPs). A PISP essentially gives consumers the option to make payments direct from their bank accounts, rather than using a credit or debit card as an intermediary. However, that distinction raises a key question: what about when a payment goes wrong?

Under the law, consumers have the right to dispute a transaction made using a credit or debit card if the transaction is fraudulent, or if there’s some other error. We don’t exactly know how disputes will work—if at all—under PSD2, though.

The PSD2 rules could also cause headaches for businesses, even here in the US. Some of the provisions in the law apply to so-called “one-leg transactions,” or transactions in which at least one party is within the EU. So, even businesses here in the US might be forced to comply, which could be a costly, error-prone, and time-consuming process.

At the end of the day, the Revised Payments Services Directive is a positive step forward. It raises the bar for consumer verification and security, while also putting more options in consumers’ hands. The rules still leave a lot of questions unanswered, though, which could create problems down the road.