PSD2: The European Directive Mandating Open Banking

Definition

The Revised Payment Services Directive (PSD2) is a legislative framework established by the European Union to regulate payment services and payment service providers throughout the European Union and European Economic Area (EEA). Implemented on January 13, 2018, PSD2’s primary goal is to foster innovation, enhance competition, and ensure the security of electronic payments and consumer protection by mandating the adoption of Open Banking.

Key Objectives of PSD2

• Innovation: Encourage the development of new payment services and financial technologies (FinTech).
• Competition: Level the playing field by allowing Third-Party Providers (TPPs) to offer services that traditionally were the domain of banks.
• Security: Enhance the security of payments and reduce the risk of fraud through strict security requirements.
• Consumer Protection: Increase transparency and protection for consumers using payment services.

Open Banking

PSD2 requires banks to open their payment services and data to third-party providers through Application Programming Interfaces (APIs). This creates a collaborative ecosystem where account information and payment initiation services can be provided by non-banking entities.

Strong Customer Authentication (SCA)

To ensure the security of electronic payments, PSD2 mandates the implementation of Strong Customer Authentication (SCA) mechanisms. SCA requires at least two independent factors from the following categories:

• Knowledge (e.g., password or PIN)
• Possession (e.g., mobile phone or hardware token)
• Inherence (e.g., fingerprint or facial recognition)

Third-Party Providers (TPPs)

PSD2 identifies three types of TPPs:

• Account Information Service Providers (AISPs): Offer aggregated account information from different banks.
• Payment Initiation Service Providers (PISPs): Initiate payments on behalf of users.
• Card-Based Payment Instrument Issuers (CBPIIs): Issue card-based payment instruments accessing a customer’s payment account.

Historical Context

The original Payment Services Directive (PSD) was implemented in 2007. However, advancements in technology and the increasing number of new market entrants necessitated an update to the regulatory framework, leading to the introduction of PSD2 in 2015. By addressing inefficiencies and inconsistencies, PSD2 enhances the existing framework to accommodate evolving technological and market developments.

Examples of PSD2 in Action

• Open Banking API Usage: FinTech companies like Yolt and Revolut leverage PSD2 to offer innovative financial services directly to consumers.
• SCA Implementation: European banks have integrated multi-factor authentication processes into their login and payment confirmation workflows to comply with SCA requirements.

What is the significance of PSD2 for consumers?

Consumers benefit from increased security, more payment choices, and enhanced financial services due to the competitive landscape fostered by PSD2.

How does PSD2 impact banks?

Banks must adapt by providing secure APIs and fostering collaborations with FinTech companies, potentially transforming their product offerings and business models to remain competitive.

What are the penalties for non-compliance with PSD2?

Non-compliance with PSD2 regulations can result in significant fines and legal repercussions, varying by member state within the EU.