Fifteen years ago, the EU adopted the first Payment Services Directive (PSD1) to create the legal framework for secure, electronic payment services across the EU. Cross-border payment between member states has become safer and more efficient. This serves the interest of the payment business and of consumers.
In 2015 the Council of the European Union passed the 2nd Payment Services Directive (PSD2). Member states were given two years to incorporate the directive into their national laws and regulations. In 2017, banks and payment service providers were required to implement even stricter safety measures, such as strong customer authentication (SCA) and secure open standards of communication. PSD2 came into full force in 2018.
Benefits and Challenges
These new EU rules have stimulated the competition in the electronic payments market, which has created exciting business opportunities for a growing number of different types of payment facilitators, while protecting consumers against unauthorized transactions.
Payment institutions or 3rd party-providers (TPPs) must implement strict measures to secure payments. Besides increased safety, PSD2 opened the way for Open Banking where FIs exchange data through Application Programming Interfaces (APIs). This has been a major driver for innovation and competition. Technological innovations that allow online merchants to offer their customers alternative payment methods, instant mobile payments, user-friendly apps and attractive customer loyalty schemes (coupon discounts, etc.).
SEPA Instant Payments and PSD2 pave the way for new payment schemes in Europe, by drafting a legal framework that facilitates Open Banking and safe instant payments to create healthy competition with the established international card schemes. European initiatives that prove to be a source of inspiration to create safe Open Banking ecosystems in other regions of the world.
However, full implementation has been challenging. The European Commission, EBA and National Competent Authorities (NCAs) have come to realize that a series of issues emerged that need to be tackled by the next EU payment directive (PSD3).
- Issues around API standards and performance
- Fragmentation of SCA solutions
- Customer abandonment rates due to friction during the checkout process
- Different Regulatory Technical Standards (RTS) interpretations
- Confusion around dispute processes
- Instant 10-second turnaround time not synced with PSD2
- The 90-day re-authentication requirement hinders customer experience
- Fragmented customer ID services
- Recovery of funds after (suspected) fraud
- SCA exemptions need reevaluation
Current SCA exemptions apply when:
- Transactions are considered Low-Risk, based on a Transaction Risk Analysis (TRA) assessment
- Low value transactions (below €30)
- Trusted Beneficiary Lists (SCA only on the first transaction)
- B2B transactions made from secure corporate environments
- Recurring payments
The Berlin Group
The Berlin Group first met in 2004 to discuss pan-European payments interoperability standards and harmonization with the primary objective of defining open and common scheme- and processor-independent standards between the acquiring banks and the card issuers, complementing the work carried out by e.g., the European Payments Council. Together, its members represent more than 25 billion card-originated transactions annually within the SEPA region. Over the past years, the Group has come up with initiatives to improve further harmonization in the region. One of its joint efforts has been to create API standardization, which resulted in NextGenPSD2 , a framework that facilitates the implementation of PSD2 requirements.
PSD3, from Open Banking to Open Finance
What is Open Finance? Consumers get access to all their private financial data (i.e. mortgages, pensions, insurance, etc.) through safe third party APIs, after giving their full consent. This demands enhanced fraud protection, unified API standards, improved SCA processes and defragmentation within the EU, while improving a frictionless customer payment experience in compliance with updated regulations. Anti-Money Laundering (AML/CDD) measures must go hand in hand with a smooth instant authorization within the EU. This must include intelligent risk management solutions that reduce the amount of ‘false positives.’ In order to improve a frictionless customer experience, the European Banking Authority (EBA) recently proposed the extension of the required 90-days SCA renewal period to 180 days, amongst other SCA exemptions.
On the journey from Open Banking to Open Finance, a regulatory framework for the future must consolidate the different approaches that are currently adopted by EU member states. Open Finance should be based on a solid regulatory framework that protects user data and optimizes customer experience without imposing rules that suffocate innovation. The pandemic has accelerated the growth of e-commerce and online payments. Merchants and their customers demand secure access to a growing variety of local, mobile, and alternative payment methods in a digitalized, multichannel landscape in which consumers demand speed, commodity and agility. PSPs face a tough challenge to provide merchants with consumer demands, in a secure environment and in compliance with stricter rules and regulations.
In May 2022, the European Commission published a public and targeted consultations to gather evidence, feedback, and suggestions for its review of PSD2. July 5, 2022 was the deadline for a targeted consultation aimed to receive detailed input from payment processors, PSP and other stakeholders in the payment business.
Some of the topics raised in the Targeted Consultation included:
- Suggested changes to SCA requirements (exemptions, etc.).
- Adjustments to the safeguarding regime.
- Changes to PSD2 exemptions
- Regulating currently unregulated payment activities.
- Execution timing requirements to transactions where only one of the PSPs involved is located in the European Economic Area.
- Regulating “triangular passporting”, where authorized PSPs in one EU Member State use the services of an agent in another Member State to provide payment services in a third Member State.
For further information, including the Open Finance Consultation for stakeholders in the financial business, visit the European Commission website.
Fintech and Open Banking in Ireland
As an EU Member State, Ireland is subjected to EU Payment Directives. Ireland is becoming a buzzing fintech hub, with over 400 financial service companies. This has disrupted traditional banking. Last year, two major retail banks (Ulster Bank and KBC Ireland) announced that they will stop offering financial services in 2022. Innovative Fintechs are ready to conquer consumers’ hearts and minds and seize their market share. We have seen how Ireland’s mature digital landscape; its corporate tax laws and its government’s initiatives provide the perfect conditions for the growth of e-commerce. Strong customer authentication (SCA) has been rolled out successfully across the Irish market.
The number of regulated fintech firms in Ireland has grown significantly, regardless of the rigorous Irish regulatory authorization process imposed by the Credit Institutions Supervisions Directorate of the Central Bank of Ireland (CBI), which demands that financial institutions and payment firms must prove that they are truly located in Ireland before an authorization will be granted. Fintechs need to present a detailed target operating model for their new Irish subsidiary, including a local management team. Open Banking is attracting new players and particularly Buy-Now-Pay-Later (BNPL) solutions are tempting Irish e-shoppers, which challenges regulators in their attempt to protect consumer rights. This trending payment method demands Regtech solutions to assess credit risk and verify consumers’ cash flow, which offers business opportunities for Regtech start-ups.
In conclusion, Ireland has a lot to offer. Merchants with the ambition to expand their commercial footprint must partner with an authorized and experienced payment processor to profit from the boundless e-commerce opportunities that this EU State has to offer, in compliance with EU legislation. Are you prepared for the upcoming 3rd EU Payment Directive? We’d be happy to help you get started. Reach out at [email protected].