For SDC’s customers, the EU's PSD2 requirements can become a strategic springboard for a digital front position with new roles, relationships and services.
What is PSD2?
PSD2 is a revised Payment Services Directive, which aims to:
- create a payment environment with high competition, innovation and security for the benefit of all stakeholders - the consumers in particular
- help the framework for payments to better meet increasing demands for an efficient European payment market
- establish current EU rules for payment services
- reduce consumer costs
When does it come into force?
PSD2 must be implemented in national legislation in EU member states no later than January 13, 2018.
Once the EU has adopted Standards for Security (SCA - Secure Customer Authentication and SC-Secure Communications), there is 18 months before they come into force.
With PSD2, the EU sets a number of new requirements for banks, stores and third party service providers (Third Party Providers - TPPs).
The biggest changes that come with PSD2 are:
Open Payment Accounts - Access to Account or XS2A
This means that a bank customer is given the opportunity to grant a third party (TPP) access to make payments or retrieve information just the way the customer does it him/herself in the online bank.
The directive is sharpening the security requirements (as mentioned above) for payments by requiring strong customer authentication (SCA) through two-factor solutions when a user:
1) access their payment account online,
2) initiates an electronic payment transaction, or
3) carries out actions through a remote communication device that may pose a risk of abuse.
Limitation of fees
The directive introduces a ceiling for interchange fees of 0.2% of the purchase price for debit cards and 0.3% of the credit card purchase price.
Prohibition of re-invoicing fees
So far, the stores have been able to choose to re-bill charges on certain payment cards to consumers. This is in the future no longer possible. This means that the consumer will pay the same price regardless of which card it is paid with. Businesses must no longer charge the consumer an additional fee when, for example, they are paying with their credit card.
New requirements create new roles where the two primary types of third party service providers (TPPs) are the so-called PISP’s and AISP’s.
A PISP - Payment Initiation Service Provider - can, on behalf of a customer, make a payment through this customer's bank without the use of payment cards. Examples of PISP’s are Trustly, Sofort or MobilePay (when switching from card to account-based payment).
An AISP Account Information Service Provider - On behalf of a customer, information from Customer Banking and offer analysis and overview or other data-driven services can be collected. Examples of AISP’s are Spiir and Money Dashboard.
Is PSD2 a threat or an opportunity for SDC’s customers?
All banks in the EU must at least be PSD2 compliant in 2018, and allow TPP’s to access customer accounts via at least one channel. Some banks see PSD2 as an opportunity, while others see it as a threat. But Nordic banks, which is already ahead with digitalization, should exploit PSD2 as a strategic opportunity to enter the future universe of payments. The bank can among others, with open standards (open APIs) collaborate with third parties to develop new financial services and for the benefit of banking customers.
What does SDC do?
SDC has launched a project to assist SDC banks to meet compliance requirements when PSD2 enters into force. The project helps handle access for third parties and exchange data according to regulatory requirements.