PSD2?: still unknown to most consumers and businesses, is generating expectation among the new players in payment services, and distrust among established entities.
The EU requires banks and payment entities to distribute an electronic information brochure to consumers and businesses (before 13 January 2018). As for established banks and payment entities, their distrust comes primarily from two aspects of the PSD2: on one hand, introducing new actors in payment services, with access to their customer information (with their authorisation) and, on the other, that they must undertake the major technology investments necessary to comply with the above requirement.
We will attempt to find out what is hiding behind this acronym. To do so, we want to answer 3 questions:
1. What is the PSD2?
2. How does it affect payment service providers?
3. How does it affect consumers and businesses?
1. What is the PSD2?
First we will look at what each element of PSD2 means:
PS: Payment Services. Some data included in the Payment Statistics for 2015 (latest statistics report published by the European Central Bank on 26 September 2016) accredit the relevance of these services:
In 2015, 112 billion payment transactions were conducted in the European Union with non-cash instruments. Card payments accounted for 47% of all transactions, 26% of which being transfers and 21%, direct debits. The number of payment cards issued (781 million) represents around 1.5 cards per person in the EU (510 million).
EU retail payment systems processed almost 51 billion transactions for a total of 41.1 billion euros.
In 2015 there were 45 retail payments systems in the EU, of which 26 were in the Eurozone and accounted for 69% of all turnover.
D: Directive: a Community law provision that establishes the objectives to be met within a given period, but that enables Member States to choose the means to meet them. It therefore requires a complementary regulation to transpose the directive to domestic or national Law.
2: indicates that it is the second specific Directive on payment methods published by the EU. Before PSD2 there was a PSD1 (Directive 2007/64/EC) which is repealed with effect from 13 January 2018 (Article 114).
The PSD2 (Payment Services Directive 2) is therefore a Directive – (EU) 2015/2366- with 117 articles and is more in-depth than the PSD1, which aims to create a single retail payment market in the European Union (except payments in cash, with cheques or restricted use payment instruments) to favour innovation, competition and efficiency. Its ultimate goal is to provide consumers and businesses with reliable, secure payment services at the lowest possible cost. In line with the above, the aim is to standardise new online payment methods using mobile telephones, and new disruptive digital business models.
Regarding its entry into force, we must recall that:
The authors of this Directive (the European Parliament and the Council of the European Union), entrusted the EBA (European Banking Authority, created in 2011) to develop 11 documents (5 Regulatory Technical Standards, 5 Guidelines and 1 Implementation Technical Standard) to specify certain articles. In turn, the EBA progressively generated the documents, establishing dialogue and seeking the participation of the various players. Thus, before issuing the final document, it issued a Consultation Paper posing questions and gathering objections from the sector affected. Once the documents were published, an 18-month period was granted due to the technological difficulty in implementing them.
The PSD2 Directive came into force on January 2016; from this date Member States must transpose it into national law. These transpositions come into effect as of 13 January 2018.
The PSD2 Directive requires its application and repercussions to be reviewed before 13 January 2021.
2. How does it affect payment service providers?
The main new development of the PSD2 is that it regulates TPPs (Third Party Payment Service Providers), forcing banks to open their payment service systems and account information (with prior authorisation from the account holder) to these third parties, so that businesses that do not have the infrastructure to offer payment services can do so using a bank’s infrastructure. This opens the payment system and account information, which were previously closed, to small FinTechs and major businesses such as GAFA (Google, Apple, Facebook, Amazon). There are two TPPs:
1. PISP (Payment Initiation Service Provider), defined in the Directive as: a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider. These providers allow the user to pay a retailer from their bank account, without having to use a card.
2. AISP (Account Information Service Provider): an online service that allows a user, or another business, to consult all the financial information on one or more accounts held at one or more banks, without having to use the bank’s ebanking service.
Although the PSD2 Directive does not make specific reference, banks must deliver information to the two new players using the APIs (Application Programming Interface) open for mass use by third parties; with the security, scalability and control requirements this involves.
Given that the PSD2 changes the payment method ecosystem by regulating two new players, traditional players are divided into those that only see danger, and those that opt for coopetition: combining competition and cooperation with new players, knowing that they too can become TPPs or access a customer’s credit score rating with different entities. Not forgetting that banks are the only parties required by the Directive to maintain the infrastructures used by TPPs, which have no obligation whatsoever to contribute to their maintenance and improvement. This situation forces banks to rethink their business model, looking for new sources of value in how they offer services to these TPPs.
3. How does it affect consumers and businesses?
By publishing the PSD2 lawmakers aim to benefit consumers and businesses. Some examples include:
Payment initiators (PISP) will allow consumers to buy online or in person without a credit/debit card.
Account aggregators (AISP) can anticipate consumer needs, providing them, for example, a better offer when an insurance policy is about to expire.
Reinforced authentication is required to identify the end user conducting the transaction, improving security.
In the case of undue payments, maximum liability is limited to €50 except in the event of negligence by the user.
The period for resolving claims is shortened to 15 working days.
Greater protection in transactions with unknown final charges. For example, vehicle rentals, so that the company can only charge the maximum amount established; over this amount the user must order a new payment.
It is easier for online businesses and retailers to become payment initiators (PISP), interacting directly with end charge account providers, whether they are banks or new players (PayPal).
Its scope of application, providing security for consumers and businesses, extends to any transaction involving one party outside the European Economic Space (one leg-out transactions) regardless of the currency used.
The PSD2 Directive is the start of a road that leads to a new, open banking system.
