July 2017

Next January, the new European Directive on Payment Services in the Internal Market (PSD2) will open up the payments market to third-party providers. Shahrokh Moinian explains the implications and opportunities for the global payments community

The revised Directive on Payment Services (PSD2) is certainly not a minor update of the original EU Payment Services Directive (PSD1) established in 2007. Taking into account the far-reaching technological and market changes which have occurred since 2007, the impact of PSD2 on the payment community will be considerable. PSD2 should be recognised as a major step forward along the road to a more open, client-focused, digital payments market in Europe.

A decade of change in the payments market

Since the first EU Payment Services Directive (PSD1) was introduced 10 years ago, the European payments industry has undergone far-reaching technological and market change. Indeed, advancements in technology (including instant payments infrastructures, blockchain, mobile authentication and the Internet of Things) have given rise to a host of new payment services and operators not covered by the first round of regulations.

But innovation in this area is still in its nascency and more significant advances are surely yet to come. Luckily, PSD2 will open up the field to more players and innovation. It introduces two new regulated roles: for Account Information Service Providers (AISP) – that equip users with consolidated and convenient online information on one or more of their payment accounts; and Payment Initiation Service Providers (PISPs) – that facilitate the e-commerce process and enable online payments to be initiated at the immediate request of a payment service user. Although some players existed in both these spaces before, regulating them will allow for much greater growth and development.

The EU has already experienced a surge in internet shopping and an accompanying rise in online fraud. Between 2014 and 2015, e-commerce sales in Europe grew by a staggering 65.6% (from €156.28bn to €455bn),1 while the EU’s 2014 figures on card-not-present fraud showed a 21.2% increase in fraud year-on-year.2

PSD2 – a major regulatory overhaul

In light of the developments that have occurred in the payment space since 2007, PSD2 provides a major regulatory overhaul – bringing three key changes to the first EU Payment Services Directive (PSD1).

First, to help ensure better legal protection, and reduced risk for payment service users in the EU, PSD2 widens the scope of its predecessor regulation – a change that comes into effect in January 2018. Certain provisions – primarily regarding transparency and payment terms, specifically the value dating of incoming payments – will now be extended to apply to payments where only one party is located in an EU/EEA country (‘one leg principle’), and to payments made in all currencies.


Second, from late 2018, PSD2 introduces higher levels of payment security and authentication. In response to the surge in online fraud in recent years, PSD2 stipulates that a payment service user must now adhere to stronger levels of authentication such as two-factor (2FA) customer authentication processes to each remote, online or electronic payment. In this context, a factor refers to something that asserts that a customer is the legitimate user of the service. One authentication factor might be customer knowledge, e.g. a password; a second, a customer’s possession, such as a smartcard; and a third factor a customer “inference” (something only the user is), for example, a fingerprint.

Finally, kicking in by late 2018 or early 2019, PSD2 licenses third-party providers (TPPs) of payment services, including the aforementioned PISPs and AISPs, and obliges banks to provide them with the information they require to operate effectively (dependent on customer consent). In turn, PSD2 will help level the playing field on which innovative companies can compete with established banks, and inject a new dose of competition into the payments market.

A directive to fear or embrace?

At Deutsche Bank we view the changes to the first directive as logical, however, they are not universally popular. Indeed, according to a PwC report released in the first quarter of 2016, 68% of bankers fear or resent the effects of PSD2.3

Payment service providers will admittedly have to undertake significant change-work to comply with the new directive. The extended scope of PSD2 requires financial service providers to make a series of process and system modifications. These modifications include not only value dating and availability of funds in international payments, but also the introduction of new 2FA systems, and the construction of a secure and accessible online account interface, through which TPPs can extract the information they require to operate effectively.

Spurring new levels of innovation

However, the directive is certainly not one to fear. Rather, PSD2 should be viewed as a catalytic force for heightened innovation, security and data transparency in the payment space.

Take PSD2’s new provisions for TPPs: by licensing new third-party providers, and injecting a new dose of competition into the payments market, PSD2 should in turn help stimulate further innovation in product and service offerings. Whether these services are offered by banks – leveraging their deep-rooted customer trust and regulatory experience – technologically nimble fintechs, or collaboration between the two, they are likely to be delivered through new, convenient channels of customer communication.

Moreover, if open application programming interfaces (APIs) are used to build the new interface between banks and TPPs – PSD2 might even usher in a new era of open banking. The European Banking Authority certainly encourages this development – recognising the potential of APIs to help banks innovate at pace, create new revenue streams and “disrupt the disruptors”.

A force for payment security

Naturally, where there is more frequent and easier access to customer account information by more parties, this gives rise to concerns about the security of customer data – particularly given the staggering rise in online card payment fraud in recent years. However, with PSD2 in place, practitioners, and customers, have nothing to fear.  Despite some concerns that an extra authentication step might deter customers from completing online purchases, enhancing consumer protection is an aim which payment service providers, retailers and regulators should naturally prescribe.

Corporates and consumers today expect transparency, efficiency and security in their payment transactions. There is no question that PSD2 will help drive momentum in this direction. PSD2 should therefore be embraced as a major step forward – a clear indication of the EU’s commitment to fostering innovation in the payment space.


Shahrokh Moinian is Global Head of Corporate Cash Management Products at Deutsche Bank


_________________________________________
1 See http://bit.ly/2nsv3YY at ecommercenews.eu
2 See http://bit.ly/1jwPKZ7 at ecb.europa.eu
3 See http://pwc.to/2a4AKUx at strategyand.pwc.com

You might be interested in