Payment Services Directive 2 (PSD2): A Brief Overview
Posted on 15 Oct 2020
The Payment Services Directive (“PSD”), which was adopted by the EU in 2007, regulated information requirements as well as the obligations and rights of payment service users. The establishment of these rules has encouraged the creation of an EU internal market for payments. The recent emergence of new processes and technology within the payments industry has limited the scope of the original PSD and prompted the introduction of the Payment Services Directive 2 (“PSD2”).
The key aims of PSD2 are to:
- Make payments safe and more secure;
- Protect customers;
- Encourage greater competition for payment service providers (“PSP”); and
- Provide a more integrated and efficient European payments market.
PSD2 builds on the previous legislation in the following ways:
- Improving security requirements – the legislation introduced new requirements relating to security and operational risks. Most specifically, PSPs must update their authentication procedures.
- Enhancing conduct of business requirements - i.e. reducing the liability of payment service users and increasing competition, by enabling the use of payment initiation service providers.
- Expanding the scope of the payment services regulation.
- Limiting and removing the number of exclusions that were previously available under the PSD.
The scope of PSD2 widens the geographical scope provided by the original legislation. Furthermore, the following PSPs are now covered by PSD2: payment institutions, credit institutions, e-money institutions, and central banks.
The legislation aims to increase competition within the payments sector as it promotes open access to payment systems and accounts.
Additionally, it introduced two new regulated payment services: Account Information Service Providers ("AISPs") and Payment Initiation Service Providers ("PISPs").
An AISP is a service which is made available to users of payment services with online access to accounts through which the payer can get a consolidated view on all their payment accounts through one online platform.
A PISP is a service where a payer can make an online payment through a service (such as direct debit) to a third-party beneficiary.
PSD2 Open banking
Under PSD2, both AISPs and PISPs are recognised as Third Party Providers (TPPs) – which is an authorised online service provider that has been introduced as a part of ‘Open Banking’ (which covers a set of rules permitting TPPs of financial series to access consumers’ financial data with their consent).
With the introduction of PSD2, the FCA changed some of their rules and guidance for the sector. The FCA considered, some of the following issues: its approach to the authorisation, registration and change in control of firms affected by PSD2; complaints handling procedures; and regulatory reporting, notification and record keeping requirements.
Shortly after the implementation of PSD2, the FCA also published a Dear CEO letter and statement regarding ‘strong customer authentication’ (SCA) – which the European Commission defines as authentication that uses at least two of three verification elements:
The main purposes of the PSD2 SCA is to reduce fraud from ‘card-not-present’ transactions, providing consumers with safer online purchasing experiences.
The new PSD2 directive was originally due to take effect on the 14th September 2019. However, the European Banking Authority (EBA) granted an extension to the PSD2 deadline to 31 December 2020.
PSD2 and Laven: How can we help?
Laven can help your firm in becoming independently authorised under PSD2 by assisting with the preparation and submission of the application. After the initial application, Laven can continue to provide ongoing compliance support to ensure a firm is maintaining their regulatory and reporting obligations.