Blog by
Finiata Team

Understanding PSD2 and Making Sure Your Business is PSD2 Compliant

What is PSD2?

PSD2 is a revised Payment Services Directive, designed by the countries within the European Union, with the aim of better aligning payment regulations with modern technology and the current market. It was put into effect on September 14, 2019, and affects everything from the way we pay online to the information we see when making a payment. 

The earlier implemented PSD couldn’t stay relevant forever, because technology and the way people interact with it is constantly changing. Even though it needed some revision, it did set a clear precedent for providing structure and security when making payments online. 

So how do you know if the PSD2 directive affects your business? Easy. If you receive electronic payments, have an e-commerce site or sell any goods online, then you need to make sure your company is PSD2 compliant. 

The directive established certain rules about specific types of electronic payments, like credit transfers, card payments and more. It only makes sense that you’d want to make sure you’re still able to receive payments, and that means complying with some of the directive’s new guidelines like RTS (Regulatory Technical Standards), SCA (Strong Customer Authentication) and the 3-D Secure protocol. It sounds like a lot of changes you’ll need to make…right?! Well, don’t fret, because we’ve got you covered.

How Does This Impact Your Consumers?

There will be both a positive and negative impact on consumers with the implementation of PSD2 compliance protocols. Let’s start with the negative impacts because they are fewer and there is a good chance these issues can be resolved. The positive impacts that this directive brings seem to outweigh the negative impacts it will have on consumers.

PSD2’s Negative Impact on Consumers

  • Banks will need to put in security measures that are “compatible with the level of risk involved in the payment service to find the right balance between security and user convenience.” This means the banks will have the right to decide which transactions they consider low-risk or high-risk. 
  • Customer conversion rates can be impacted by the implementation of SCA and 3-D Secure protocols. These protocols add an extra step to the checkout process and, depending on the design of the process, this could cause some consumers to be frustrated when making payments. Users are the key to success; they make the payments – so it’s important to ensure that users aren’t leaving your business for another with a better-designed checkout process.
  • Although additional security measures are necessary, SCA and 3-D Secure protocols can be frustrating for customers who are making recurring payments. It’s said that there will be a “whitelist” of beneficiaries that a cardholder’s bank can issue, where they won’t need to go through the SCA process, but these are not widely used at the moment. The hope is that we will see more of these whitelists in 2020.
  • According to Finextra, 41% of 442 EU banks failed to meet the March 2019 deadline for PSD2 compliance. Banks need to be PSD2 compliant to ensure a seamless user experience. It’s also up to banks to define a common approach to these changes, within their country or regionally because they will need to work with one another, as well as TPPs (third-party providers). 

PSD2’s Positive Impacts on Consumers

  • PSD2 will disrupt the monopoly banks have on their users’ data. This allows merchants to retrieve your account data from your bank, with your permission, of course! This means you can make payments directly with the merchants, rather than being redirected to another service like PayPal, UPay or Visa. This also means that TPPs are allowed to access linked accounts and initiate payment services.
  • New security measures mean that initiating and processing electronic payments is more secure than before. Consumers have more protection over their financial data. Protocols like SCA and 3-D Secure, alongside Risk Management and TRA (Transaction Risk Analysis), help to maintain the security directives required by the PSD2.
  • PSD2 also increases consumers’ rights in more than just access to their data. It also includes reducing the consumers’ liability for unauthorized payments and introduces an unconditional refund right for direct debits in euro. This was applied in January 2018. 
  • PSD2 prohibits using non-transparent pricing methods for international payments. Although some governments haven’t complied yet, the hope is that they will all have to as a result of the Europe-wide implementation of the PSD2 directive.
  • Because the PSD2 has changed the way we bank, it has opened a lot of doors for Fintech companies and will continue to do so. These TPPs will shake up the payments market, which banks always had a monopoly over, and encourage competition. This gives consumers access to their banking data and prompts banks to support exchanging customer data with third parties securely. With the constant evolution of financial services and online payments, the new rules will apply to both traditional banks and TPPs.
  • The directive reduces the risk of fraud in online payments, as a result of the new security measures that need to be implemented to ensure a business is PSD2 compliant. The protection of consumer financial data means that all market operators will respect their privacy. This should boost people’s confidence in making online payments.
  • Finally, the PSD2 improves the complaint procedures, obliging the Member States to designate competent authorities to handle complaints from interested parties and payment service users. PSPs are required to respond in written form to any

What are the Challenges With PSD2?

The obvious challenges with the PSD2 directive will be related to non-compliance. This includes issues like declined payments. This can happen if a business fails to implement an SCA in their checkout process, meaning banks will decline the payment. This is not great for businesses, but also frustrating for users. 

Another challenge is concerning customer conversion rates. As a result of the SCA protocol requirement in the checkout, many businesses are concerned that it may deter customers from making payments. The SCA adds a step to the checkout process, and even though the system will be similar across the board, it could differ depending on the way a business, or PSP, designs the flow of their payment process. 

The challenges with PSD2 are less about individual companies implementing the protocols to continue receiving online payments. The greater challenge is getting banks to comply with the guidelines by the set deadlines, as well as ensuring governments are on board with the changes and enforce them. 

A survey carried out by a Swedish open banking platform shows that out of 442 European banks, 59% did comply with the PSD2 directive’s guidelines by September 14th, 2019, but there was still a significant minority that failed to do so. Germany, Finland, Belgium and Sweden all had compliance rates above 80%, but other countries like France and Denmark were below 50%. The UK was at 64% and the Netherlands at 67%. 

Although the original PSD directive, as well as the revised PSD2, states that consumers should know the real costs and charges when they are transferring money abroad, it’s uncertain whether governments will uphold this commitment. In February 2017, the UK Government ignored this transparency measure in its draft of the Payment Services Regulations. This means that brokers and banks can still hide charges in exchange rates, which are already lower than mid-market rates you’ll see on other foreign exchange rate tools like Google or XE.com.

Make Sure Your Business is PSD2 Compliant

Becoming PSD2 compliant requires having an SCA (Strong Customer Authentication) in your checkout process. Matrix Internet states that you’d need at least 2 of the following:

  1. Passcode or PIN – something only the user knows
  2. Token or mobile phone – something only the user possesses
  3. Fingerprint, facial scan, etc. – something the user is

3-D Secure is a protocol designed as an additional security layer for online transactions, allowing customers to verify their identity when making card-not-present online transactions.

There are a couple of ways you can make sure that your business complies with the PSD2 directive’s new guidelines – and in turn, make sure that you’re able to receive payments without any problems.

The first option is to build authentication into your checkout process. This means you’d be handling the implementation of an SCA and 3-D Secure on your own. This allows you to retain a bit more control over your checkout experience directly. The second option is choosing a PSD2-compliant PSP (Payment Service Provider). These PSPs offer hosted checkout options that take care of all of the PSD2 compliance for you. Cooperating with a PSP means that you can spend less time worrying about whether or not you are compliant, and focus on your business.

Article written by Sona Kerim.

Sources:

https://transferwise.com/gb/blog/what-is-psd2

https://www.gemalto.com/financial/ebanking/psd2

https://www.finextra.com/newsarticle/33569/41-of-banks-missed-psd2-deadline-says-survey

https://www.jotform.com/psd2-regulation/

https://www.matrixinternet.ie/whats-psd2-affect-business/

https://ec.europa.eu/commission/presscorner/detail/en/QANDA_19_5555
