This summary concludes my blog post series on PSD2, where I have focused on the basic principles of the directive and its implications on financial institutions as well as merchants and the ecommerce market.
For those who are new to the banking world and PSD2 in particular, PSD2 is an upcoming payment service directive from the European commission. In hort, the directive states that banks need to offer payment APIs to third party-providers of financial services, also known as TPPs (Third Party Provider) under the XS2A (Access to account) rule. This creates some new roles in the payment landscape:
- PISP(payment initiation Service providers) will be able to initiate online payments from the payer’s bank account
- AISP(Account Information Service Providers) will be able to extract and accumulate customers account data, including transaction history and account balance
- ASPSP(Account Servicing Payment Service Providers) aka banks and financial institutions are the account providers that is required to offer APIs to PISPS and AISPs
If you would like to know more, check out my introduction to PSD2.
The directive will affect everyone in the shifting payment landscape. This include banks, fintechs, the PCI (Payment Card Industry) as well as merchants. For more information on how the directive will affect banks and merchants, check out these posts:
- PSD2 – opportunities, threats and strategic options for banks
- What does PSD2 mean for online merchants?
The revised payments services directive (PSD2) was first proposed by the European Commission in June 2013, adopted by the Parliament in October 2015 and entered into the Official Journal in December the same year. EBA has recently released the draft for the technical standards and a public hearing regarding technical standards will take place at the EBA premises on Friday 23 September 2016. Banks and other players that are affected by the directive then have until October 12th 2016 to give their response on the draft RTS. The directive was to be implemented national legislation by January 13 2018, although it is expected that the earlieest implementation date will be September 2019.
PSD2 applies to everyone under the SEPA (Single Euro Payment Area), which includesthe 28 member states of the European Union, the member states of the European Free Trade Association (Iceland, Liechtenstein, Norway and Switzerland), Monaco and San Marino. PSD2 extends the reach of the original directive, including also what is referred to as “one leg out” transactions. Transactions where at least one (and not anymore both) party is located within EU borders.
The purpose of the upcoming payment service directive PSD 2 is to create an even playing field for payments and encourage innovation. The directive has the potential to fundamentally alter the payment landscape as we know it.
In addition to the what, who, when, where and why comes the tricky part: The how
Security, compliance and authentification will always be some of the main concerns when it comes to digital banking. EBA propose the concept of Strong Customer Authentication (SCA), goes beyond two-factor authentication. In addition a first factor like a password or an PIN number and a second factor like your mobile phone or code generator, SCA introduces a third dimension referred as inherence (something that identifies that customer, such as a fingerprints or voice biometrics). There are still many, many questions regarding the how, and from a my business perspective am not even going to attempt to navigate the many legal and technical terms in the RTS any further and leave that one to the professionals.