The European Second Payment Services directive (“PSD2”), that has been converted into Belgian law on 13 January 2018 replaces the first PSD directive, which was introduced in 2007 and offered some flexibility for the non-banking institutions. It has provided for a growing competition in the payment sector and the creation of a single market for online payments.
The main objective of the PSD2 is to strengthen the protection of the customers and to encourage innovation, competition and the digitalization of payment services. As a consequence, it is believed to further develop the internet – and mobile payments and open the EU payment services market to the non-banking institutions.
What are the major changes?
- Setting the maximum amount of ‘Multilateral Interchange Fees’ (MIF’s) at 0,2% for debit cards transactions and at 0.3 % for credit card transactions in a framework of online payments;
- Introducing Strong Customer Authentication (SCA) for electronic payments;
- Enhancing consumers’ rights i.e. limiting the liability of the client for unauthorized payments, prohibiting surcharges on debit and credit card payments by the clients;
- Extending the geographical scope whereby the PSD2 will even apply in case one party to a transaction is a resident of an non-EU Member State, including transactions in non-EU currencies.
The most crucial novelty for clients remains the opening of the payment market to non-banking institutions:
Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs).
The PSD2 introduces two new concepts:
- PISP’s stands for services which would directly access the bank accounts in order to conduct a transfer of funds on behalf of the client.
- AISP’s describes the services that provide real-time consolidated information on the different payment accounts of a client, when granted permission by the account holder.
Both are collectively referred to as Third Party Providers (TPP’s).
Payment services by Third Party Providers (TPP’s).
The PSD2 allows the TPP’s to operate as alternative payment service providers. Furthermore, it allows TPP’s to consult the payers’ account information. Prior to the PSD2 this data was only available to banks. This account information appears to be a valuable resource as it allows to analyze the spending behavior and to create consumption preferences profiles of each client. Under the PSD2 the banks will be obliged to share this payment account information if the client explicitly agrees. The usage of this possibility will open a path for the payment technology apps which should further simplify online payment transactions.
Although the PSD2 only allows to share the payment account information (and not the information about saving-, interest- accounts etc.) it, nevertheless, provides for a wide range of opportunities related to the consumers’ data and preferences. Access to this data allows the TPP’s to generate detailed and real-time profiles over the consumption behavior of the customers, the amounts spend on clothing, vacations, expenses related to hobbies, etc. These financial profiles would allow service providers to adjust their services based on the consumption preferences of the public.
Innovative, exiting, … Threatening?
The banks will provide the account information to the TPP’s via an open Application Programming Interface (“API”). API is a set of software tools which initially serves for interaction with other servers or applications. Also used for completing numerous tasks such as facilitating data sharing. It generally serves to provide controlled access to data between two (or more) different data platforms. Depending on the type of API it can be public data, private data or both. The PSD2 obliges the banks to open up their API’s for the TPP’s to use. Hence, creating the possibilities for non-banking institutions to build their own payments framework on the existing API’s of the banks.
As a consequence, the payment process is being shifted to users of the open API’s and so creating a direct connection between banks, retailers and customers. This is expected to generate a stream of new competitors. Among the possible competitors can be new market entrants directed on disrupting the banking payment services as well as online retailers and corporate giants creating their own payment platforms.
So far, any business remained dependent on the general payment options offered by banks that practically hold a monopoly on customers’ account information and electronic payments. PSD2 will offer non-banking institutions to retain more control over the payment transactions, potentially impacting revenue streams of banks.
In conclusion, it remains to be seen how the payment markets will react to these new rules. The launch of the new payments tech/apps on the market and regulating it will take some time before new models will running smoothly and being widely applied by customers.
In order to secure the effective operation of PSD2 provisions important follow-up work is required to establish a level of playing field between various market players. Due to the usage of the open API’s it will be important to implement high security standards in order to prevent fraud and privacy breaches of the sensitive accounts data. This is regulated by the Regulatory Technical Standards (RTS) which set out the rules for the interface between banks and TPP´s. The final version of the RTS has been approved and published in the Official Journal of the European Union on 13 March 2018. The RTS will be directly applicable as of 14 September 2019, giving the payment industry an eighteen months transitional period to adjust their services to new rules.