PSD2 & improved consumer protection
Seth Ruden, a senior fraud consultant at ACI Worldwide, has written an article for PaymentsSource that explores the benefits of U.S. issuers embracing the EU’s PSD2 (Payments Services Directive).
As Ruden observes, the European directive stipulates a standard baseline for data security and a set of policies to ensure that all players in the space keep it clean and secure. Specifically, its mandate includes enhanced authentication for more accurate fraud detection during device-based transactions.
“PSD2 will unify Europe’s payments market, while making significant efforts to secure it as well. Residual benefits include greater efficiency, better-informed consumers and a more loyal and confident customer base that is willing to adopt these technologies,” he elaborated. “So, while many countries continue to abide by susceptible username and password combinations, this PSD2 ‘Eurail’ train will continue full steam ahead, promising a plethora of effective and balanced controls for the next generation’s payments landscape.”
According to Ruden, U.S. financial institutions should perceive PSD2 as an opportunity to refine their own data protection methods, security protocols and risk governance frameworks (by embracing open APIs, for example). If not, he says, they risk being left behind by alternative services overseas that can leverage their PSD2-compliance and modernized protection standards as both a competitive advantage and a building block for further product offerings.
“Our faith in digital payments is keeping us on track for further innovation, while our device, as innovative as it ever was, continues to fascinate us with a cascade of new and convenient features,” he concluded. “All we need now is for the U.S. to follow suit on introducing new rules to better protect consumers. These benefits will continue to ensure that we keep our devices close at hand, so good luck putting yours down anytime soon.”
Juniper Research: PSD2 positively disrupts FinTech
In related news, Juniper Research has named the PSD2 standard and its open API mandate as one of 2017’s top three disruptive FinTech technologies.
“The introduction of the revised European legislation ‘PSD2’ will redefine the payments sector as incumbents face new and increased competition. On the flip side, merchants and consumers will benefit from reduced fees and charges,” Juniper Research stated in a press release. “PSD2 will [also] effectively lead to the creation of numerous third party start-ups which could undercut established players. However, an opportunity exists for co-operation between banks and start-ups; institutions may leverage their established brands in partnership with agile technology start-ups, to press first-mover advantage.”
A closer look at PSD2
The Payments Services Directive (PSD) was adopted in 2007, creating a single market for payments in the European Union and providing the legal foundation for a Single Euro Payments Area (SEPA). In 2015, the European Parliament adopted the European Commission’s proposal to create safer and more innovative European payments with the new PSD2 directive. The second Payment Services Directive came into force on January 12, 2016 and Member States have until January 13, 2018 to implement it into national law.
According to the Council, PSD2 is expected to make payments safer, increase consumer protection, foster innovation and competition while ensuring a level playing field for all, including newcomers. Specifically, new players will now be regulated, licensed at the EU level. Barriers will be removed for these companies to increase competition – which should translate into lower costs for customers and a more appealing, even seamless payment experience. In addition, new players can access customer accounts to make payments on their behalf (via credit transfers) and provide them with an overview of their various payment accounts. As this infographic illustrates, the institution holding the payment account of the customers provides access via Application Programming Interfaces (APIs).
Understanding AISPs and ASPSs
PSD2 also introduces a number of new roles, including Account Information Service Providers (AISP) and Account Service Payment Service Providers (ASPS). Specifically, Account Service Payment Service Providers manage the consumer account, while Account Information Service Providers are service providers with access to the account information of bank customers.
Whereas customers had to be authenticated on different systems for each bank, AISPs have access to those accounts and acts as a portal to the customer. Moreover, the AISP has the overview of the behavior of the customer. This creates new business models as well the opportunity to move closer to customer needs.
In addition, because PSD2 offers support for Payment Initiation Service Providers (PISPs), the merchant can directly access the issuer using APIs to request authorization, cutting out all parties in between. This cleaner method of integration supports P2P payments, direct billing and reduced interchange fees.
Interested in learning more about PSD? You can check out the official PSD2 directive on the European Commission website and our article archive on the subject here.