PSD2? PSD2 Directive? Do these terms sound familiar? Do you know what we’re talking about? If you don’t, you’ll soon find out as it will affect your money and you’ll start receiving requests from non-banking companies asking for access to your financial data.
The relationship established between banks and customers is going to start changing at a rapid pace, driven by the digitalization of satiety that affects businesses and consumers, thus forcing administrations and public authorities to regulate new relationships with their customers. Especially when it comes to money and data.
From September 14, the measures of the PSD2 directive that was approved in 2015 will become effective .
With this measure, based on an online payment method, the aim is to achieve faster and more secure management of personal finances. According to experts, banking users and online shop customers will benefit the most from these aspects.
Contenido del artículo
- What is the PSD2 or Payment Service Directive 2?
- What is the aim of PSD2?
- How does the PSD2 Directive affect me as a user?
- What does the PSD2 directive bring?
- When does the PSD2 Directive come into force?
What is the PSD2 or Payment Service Directive 2?
The PSD was the first Payment Service Directive, Payment Service Provider created in 2007.
PSD2 (Payment Service Directive 2) is a European directive that aims to improve security and strengthen protection against fraud in online banking
In addition to implementing regulations on the access, by consent, of bank account data to third parties, such as Amazon or Facebook.
In other words, it’s about increasing competition in the electronic payments market to improve the consumer’s position, as the European Commission explains in its proposal created in 2007.
This is where the concept of “Open Banking” comes into play, whereby at the beginning of the third quarter banks will be obliged to give access to their customers’ accounts to third party companies, at the request of users.
This is a big change for the consumer, as intermediaries in online payment transactions are eliminated.
In addition, these companies with the information of the users’ accounts, can offer them new products either to manage their finances or to make online payments, without going through the traditional intermediaries.
What is the aim of PSD2?
The clearest objective of the new PSD2 directive is to facilitate access to the market for the rest of the financial institutions’ competitors. In this way, competition is increased, which will result in a reduction of costs for the consumer when making a digital payment.
In this sense, the PSD2 directive requires banks to give payment service providers access to their customers’ accounts, either to consult information or to make a payment directly, all with the customer’s consent.
How does the PSD2 Directive affect me as a user?
Managing payments through third parties
First of all, as a consumer, this directive will enable you to carry out your financial transactions through third parties, i.e. you’ll be able to buy a product online without having to make the transaction through your bank.
This translates into faster purchases. Until now, the customer must make the purchase through the entities that offer electronic payment services and act as intermediaries with the financial entity.
From the implementation of the PSD2 directive, thanks to the possibility of direct access to user accounts that banks will have to provide to third parties, when a customer makes a purchase over the Internet, he’ll be able to authorize any merchant to charge his purchase immediately and without using the card, like a simple transfer.
Power of rescission
Unless otherwise agreed, the user may terminate the contract at any time without notice. In the event of an agreement to the contrary, this may not exceed one month.
This termination is free of charge and only loses its free nature if the contract has a duration of less than six months.
In the case of unauthorised transactions, the new PSD2 directive requires immediate correction.
If the transaction authorisation doesn’t specify the exact amount or the amount exceeds the expected amount, the user may request a refund.
This measure benefits the user, since in the event of a dispute it will be the payment service provider who will have to prove that the transaction has been carried out correctly with the relevant authorisation.
With the implementation of the PSD2 directive, the liability of users who are victims of fraudulent transactions is limited. The maximum amount that the user will be able to bear will be 50€, compared to the previous 150€.
Enhanced Authentication or Double Authentication
As I mentioned before, the bank can provide third parties with the financial data of a consumer, and this can create mistrust. For this reason the PSD2 reinforces the security of personal data in the payment process through a system of Strong Authentication that aims to prevent fraudulent transactions.
The new PSD2 directives require the user to have at least two of the following three authentication elements
- Inherent element: Fingerprint, iris or facial recognition, standardized systems in mobile devices.
- Possessed element: Something physical such as a card, digital certificate or mobile phone.
- Possessed element: A PIN number or password. will normally be sent to your mobile device.
These changes will be exemplified:
In the APP, if you sign the transaction without leaving your phone, you’ll log in as before, without any changes. On the other hand, if you sign with a password that you’ll receive via SMS, the authentication will be reinforced with a second password that you’ll receive on your mobile phone.
On the web, you will occasionally log in to your online banking in a different way:
- With your usual username and password
- With an additional password that will be sent to your mobile phone
With these security measures the risk of threat decreases, since it’s necessary to pass a double control filter. This undoubtedly gives greater confidence and security to users in terms of the protection of their data and financial activities.
What does the PSD2 directive bring?
The measure that obliges banks to open their customers’ data to third parties will increase competition in the means of payment market, since a company that doesn’t have the necessary structure to offer means of payment can do so by relying on the infrastructure of a bank.
Thus, the PSD2 directive creates two new types of entities:
- Payment Initiation Service Provider (PISP): They offer customers to make a payment through their platforms, that are connected to a bank to finalize the transaction.
- Account Information Service Provider (AISP): They can obtain a customer’s financial information from one or more banks. AISPs are required to provide it in a way that can be presented to the customer in a combined and more attractive way than each bank separately.
What are the benefits for PISPs and AISPs?
These benefits can be grouped into two main ones.
- Financing: The PISP or AISP, can know all the payments that a client makes, therefore they’re in a favourable position when offering financing with respect to that of a bank, especially in those transactions that exceed a certain volume.
- Product advice and support: An AISP, with the user’s consent, can find out the overall position of a customer in all its targets. By analysing this data, it can create very detailed profiles and try to anticipate your needs in order to offer you products.
When does the PSD2 Directive come into force?
The PSD2 Directive was passed in 2015, but most of its provisions came into force on 25 November 2018.
However some of the most novel features of this new PSD3 directive took a little longer to come into force:
- The rights and obligations regarding the use of payment services will enter into force on 25 February 2019.
- The security measures of articles 37 – 39 and 68 of the RD will enter into force on 14 September 2019
The PSD2 directive has two features that I consider fundamental and to be taken into account. On the one hand, payment service providers will have access to the banks’ infrastructure. And on the other hand, banks will be obliged to provide third parties with access to all their customers’ information. This will have the following consequences:
- Improved integration and efficiency in the European payments market
- Reduction of barriers to entry for payment service providers, improvement of free competition
- Increased consumer protection against fraudulent transactions
- Reduced payment costs for consumers.