Background
The Payment Services Directive (“PSD”), which was adopted by the EU in 2007, regulated information requirements as well as the obligations and rights of payment service users. The establishment of these rules has encouraged the creation of an EU internal market for payments. The recent emergence of new processes and technology within the payments industry has limited the scope of the original PSD and prompted the introduction of the Payment Services Directive 2 (“PSD2”).
PSD2 summary
The key aims of PSD2 are to:
- Make payments safe and more secure;
- Protect customers;
- Encourage greater competition for payment service providers (“PSP”); and
- Provide a more integrated and efficient European payments market.
PSD2 explained
PSD2 builds on the previous legislation in the following ways:
- Improving security requirements – the legislation introduced new requirements relating to security and operational risks. Most specifically, PSPs must update their authentication procedures.
- Enhancing conduct of business requirements – i.e. reducing the liability of payment service users and increasing competition, by enabling the use of payment initiation service providers.
- Expanding the scope of the payment services regulation.
- Limiting and removing the number of exclusions that were previously available under the PSD.
PSD2 Regulation
The scope of PSD2 widens the geographical scope provided by the original legislation. Furthermore, the following PSPs are now covered by PSD2: payment institutions, credit institutions, e-money institutions, and central banks.
The legislation aims to increase competition within the payments sector as it promotes open access to payment systems and accounts.
Additionally, it introduced two new regulated payment services: Account Information Service Providers (“AISPs”) and Payment Initiation Service Providers (“PISPs”).
AISP
An AISP is a service which is made available to users of payment services with online access to accounts through which the payer can get a consolidated view on all their payment accounts through one online platform.
PISP Diagram
A PISP is a service where a payer can make an online payment through a service (such as direct debit) to a third-party beneficiary.
PSD2 Open banking
Under PSD2, both AISPs and PISPs are recognised as Third Party Providers (TPPs) – which is an authorised online service provider that has been introduced as a part of ‘Open Banking’ (which covers a set of rules permitting TPPs of financial series to access consumers’ financial data with their consent).
PSD2 compliance
With the introduction of PSD2, the FCA changed some of their rules and guidance for the sector. The FCA considered, some of the following issues: its approach to the authorisation, registration and change in control of firms affected by PSD2; complaints handling procedures; and regulatory reporting, notification and record keeping requirements.
Shortly after the implementation of PSD2, the FCA also published a Dear CEO letter and statement regarding ‘strong customer authentication’ (SCA) – which the European Commission defines as authentication that uses at least two of three verification elements:
- Knowledge
- Possession
- Inherence
The main purposes of the PSD2 SCA is to reduce fraud from ‘card-not-present’ transactions, providing consumers with safer online purchasing experiences.
PSD2 deadline
The new PSD2 directive was originally due to take effect on the 14th September 2019. However, the European Banking Authority (EBA) granted an extension to the PSD2 deadline to 31 December 2020.