On September 14th, the EU’s PSD2 directive will come into effect. It’s important to make sure you understand what changes to make to your payment processing, so you can continue to conduct business seamlessly.
PSD2 (Payment Service Directive) is a new mandate being implemented by the EU to help stimulate online payment services. This directive will loosen the hold that banks currently hold over customer’s account information and payment services.
The PSD2 is an innovation fuelled by the growing world of technology and online payment services. It acknowledges the needs of consumers to have more control over their account information, while dismantling the monopoly banks currently have, over payment services. The additional security that will be addressed through the PSD2 is as a result of the fact that the EU will now regulate service providers, including issues such as confidentiality, the security of transitions and liability. Dismantling the banks’ monopoly means that consumers will have the opportunity to make choices between different service providers and types of payment services.
The changes that will take place can mean the difference between your users’ transactions being accepted or declined, so now is the time to look into PSD2 consultation services if you feel unclear about what changes you need to make for your specific payment service.
How PSD2 affects users
The most affected by the PSD2 directive and the implementation of open-banking will be the end consumer. The main goal of this mandate is to make banking more transparent so that end-users will be empowered with more insight and clarity about their own finances. The introduction of TTP (Third-party providers) means that, regardless of how many bank-accounts a user has, it will be easier for them to manage their finances.
TTP and more transparent financial management won’t be the only changes to take place. PSD2 will also:
- Lower chargers for consumers and ban surcharges for around 95% of card payments in the EU. This will apply to domestic and EEA payments, saving consumers more than then €550 million annually.
- Users will have more financial protection in this new single payment market. There will be better protection against fraud and any other abuses as a result of improved security measures, which are being put in place.
- In regards to losses, the PSD2 directive streamlines the liability rules in cases of unauthorized transactions, again further protecting the consumer.
- Overall, this updated directive will improve the user experience when paying by card within the EU.
PSD2’s effect on my business
As a result of the PSD2 directive, banks will not be competing against banks anymore but will be competing with anyone who offers financial services. It’s said that this directive will fundamentally change customer expectations and which business models are profitable. Banks are the only institution that will be directly affected, but any third-party providers that hope to work with EU financial institutions will have to meet the same standards outlined in the directive. A PSD2 consultation is an easy way to ensure that your payment system is compliant with the new rules.
Any company that is a third-party provider, or involved in an EU bank will be affected by the changes this directive brings. All EU banks will be required to implement PSD2 rules into their system – and in some cases, banks and third-party providers outside of the EU might even opt-in depending on how successful this directive becomes.
The important changes affecting businesses that will take place on September 14th include:
- The PSD2 directive opens up bank data and makes room for new TPPs, such as PISPs (Payment Initiation Service Provider) and AISPs (Account Information Service Provider). PISPs initiate payments on behalf of users. AISPs have access to the account information of banks’ customers and are the service providers who can analyze users’ spending behaviors or combine users’ account information from several banks into one overview.
- Banks are obliged to provide TPPs access to their customer’s accounts through open APIs, which enables third-party providers to build their services on top of bank data and infrastructure.
- All companies providing payment services in the EU will be required to have a payment license. You will need to register with the EBA.
- Many online payments will require and SCA (Strong Customer Authentication), which is a two-factor authentication meeting the European Bank Authority’s (EBA) requirements. The SCA confirms the user’s identity, using a two-factor authentication, during the transaction process. One of the most common mechanisms used for card payments is 3Dsecure, also known as “Verified by Visa” or “Mastercard Identity Check”.
Be prepared! Is your payment system PSD2-compliant?
There are a few ways to make sure your business is prepared for the PSD2 directive implementation. The simplest and most time-effective solution is to reach out to companies that provide PSD2 consultation, to ensure that your payment system is compliant with the new rules being put in place. Keeping your systems up-to-date will determine its overall success as technology continues to shape our world.
What you’ll need to make sure you’re payment system is compliant with the PSD2 directive are an SCA, choosing a PSP that is PSD2-compliant, updating or confirming updates of your payment systems and clarifying your TRA.
Add an SCA to your checkout process
SCA or Strong Customer Authentication will be required in the checkout process for many online transactions. The idea is to reduce the risk of fraud and protect the confidentiality of the user’s financial data.
This will be applied to customer-initiated payments where the user’s bank and business’ payment provider are both located in the EEA. This also applies to UK organizations on departure from the EU.
There are some exemptions to the SCA, which include low-value payments, low-risk payments or reoccurring transactions. But more often than not, you will likely be required to ensure that your checkout process includes an SCA in order for your users’ transactions to go through.
Choose a PSP that is PSD2-compliant
Businesses need to ensure that their PSP (Payment Service Provider) is compliant with PSD2. This simply means that your PSP must offer SCA (Secure Consumer Authentication).
There are many payment service providers that offer a checkout option to make it simpler for businesses to adjust to the changes. They take on the burden themselves, so your business doesn’t need to. Working with PSD2-compliant PSPs will ensure you’re in the clear.
Updates for payment systems or e-commerce solutions
If using a custom payment system, making your business compliant with the new directive will mean you just need to add a bit of code to your checkout process, which will add the SCA. Companies like amazon pay provide this code for their partners in their resources.
In the case of using an eCommerce solution, the changes are most likely going to be automatic, but it’s important to check with them to make sure that this will happen before September 14th so that you don’t end up with declined transactions as a result of not having the SCA in your checkout process. If you are using an existing payment platform, you still need to check if any additional updating with your integration is necessary.
Clarifying your TRA
As an additional measure of compliance, it’s a great idea for your business to confirm with your acquiring bank what their Transaction Risk Analysis (TRA) exemption rate will be. This could increase or decrease the number of transactions that are processed without friction.
If there is an exemption limit on transactions, they will go through as they would have before the PSD2, and your business will be compliant. But transactions outside the TRA exemptions will be required to have an SCA. The final decision on these TRA exemptions lies in the hands of your issuing bank.
PSD2 changes are almost here. The clock is ticking.
With the implementation of the PSD2 directive on September 14th, 2019, there are quite a few changes to be expected. The changes that will be made to online payment processes diminish the banks’ monopoly while opening the doors for other companies to come in and provide financial services. The additional security that will also come with this directive, such as the addition of SCAs to the checkout process, will improve the overall security of these transactions.
For businesses, these changes mean ensuring that your payment processes and services will be compliant with the new rules. Outlined above are some simple ways to ensure your business is up-to-date, to reduce the risk of having transactions declined once the change takes effect.
As a word of advice, don’t hold off on making these important changes. September 14th is just around the corner, and using the right tools will help to keep your business running smoothly. Your business depends on your payment systems still working after PSD2 is implemented. Reach out to us and book a free consultation.