The Payment Services Directive 1 (also known as PSD1, Directive 2007/64/EC) is being replaced by a new directive affecting EU-based banks, fintech and businesses.
PSD2 was created with the aim to ‘ensure a level playing-field’ within banking, while increasing competition and participation from non-traditional banking entities to complement user protection, as well as the rights and responsibilities for payment providers and users of those services.
As of the 13 March 2018, the European Parliament and the European Council approved the new directive, subsequently providing a delay of 18-months to allow the implementation. This directive would come into effect from the 14 September 2019.
The initial plan was for new, dedicated, Open API interfaces to be available for a six-month testing period. As part of this, European regulators completed new technical standard requirements and defined precisely how banks must link their technology platforms to users and clientele.
However, it transpired that many banks and merchants were not ready for either the March or September deadlines. Subsequently, the EBA reset the deadline for the end of 2020. According to Finextra, 41% of the 442 European banks failed to meet the March 2019 deadline. The main failing was that they “could not provide a testing environment to third-party service providers”.
This additional six-month testing period before the September deadline was seen as critical for them to test the APIs that will allow them to safely to banks, whilst also being key to trial new services to clients as a consequence of the changes. The EBA’s announcement of an extension unmistakably revealed that massive numbers of online merchants were not ready for this change, which they were forced to acknowledge with the postponement.
The new deadline to implement Strong Customer Authentication (SCA) has had further impacts from vertical based delays and most notably current events, with the unprecedented effect to almost all industries due to the Covid-19 pandemic.
The core principles of PSD2 are to ensure a seamless and best-in-class user experience. PSD2 requires that banks provide security measures that are “compatible with the level of risk involved in the payment service” ensuring the right balance between user convenience and safety.
With this evolution in expected service and security requirements, many banking entities are turning to software such as Scout™ to improve their process through automation. Utilising the enhanced and automated data-cleansing and risk-scoring capabilities of software such as this is proving increasingly popular in helping to remain complaint.
When finally launched, the success of PSD2 will ultimately be determined by effective relationships between retailers, fintechs and banks. The success of the associations will be driven by the ease of implementation of key APIs that banks need to open to any third-party provider, that is then able to aggregate account data to initiate payment services quickly and safely.