PSD2 and GDPR
Marta Ienco, the Head of Governments and Regulatory Affairs for the Identity program of the GSMA, recently penned an article for ItPortalPro about PSD2 and GDPR (General Data Protection Regulation). As Ienco observes, 2018 is expected to be a “transformative year” for Europe’s economy, with both PSD2 and GDPR passing into law.
“[These are] two contradictory motives that suit very different audiences: customers and businesses. Banks are already grappling with the technicalities of these regulations and the financial sector especially will face significant disruption.”
According to Ienco, PSD2 will also improve the security of new and existing services by making strong customer authentication mandatory.
“For both banks and service providers, this will further expand the reach of two-factor authentication, where users authenticate themselves using something they have, such as a smartphone, and something they know, like a PIN or a password,” she added. “There can be no doubt that GDPR and PSD2 will drive huge changes in the world of personal data and disrupt the way our digital economy operates. But with mobile authentication, we can ensure data is kept safe and secure for businesses and consumers.”
Beyond PSD2: Industry eyes PSD3
In related news, Euro Banking Association Secretary General Thomas Egner told Pymnts.com that PSD2 would likely be updated before too long.
“I can say there will probably be a PSD3, because we’ve heard there will be revisions. What this PSD3 will cover, I don’t know,” he stated. “PSD2 only covers payment accounts at the interest of the customer but, of course, [the space is] much larger than only looking at payment accounts. So, the market for this is much bigger than just what PSD2 achieved.”
PSD2: A closer look
As we’ve previously discussed on Rambus Press, the Payment Services Directive (PSD) was adopted in 2007, creating a single market for payments in the European Union and providing the legal foundation for a Single Euro Payments Area (SEPA). In 2015, the European Parliament adopted the European Commission’s proposal to create safer and more innovative European payments with the new PSD2 directive. The second Payment Services Directive came into force on January 12, 2016, and Member States have until January 13, 2018 to implement it into national law.
According to the Council, PSD2 is expected to make payments safer, increase consumer protection, and foster innovation and competition while ensuring a level playing field for all, including newcomers. Specifically, new players will now be regulated and licensed at the EU level. Barriers will be removed for these companies to increase competition, which should translate into lower costs for customers and a more appealing, even seamless payment experience. In addition, new players can access customer accounts to make payments on their behalf (via credit transfers) and provide them with an overview of their various payment accounts. As this infographic illustrates, the institution holding the customer’s payment account provides access via Application Programming Interfaces (APIs).
“PSD2 introduces new roles: Account Information Service Providers (AISP) and Account Service Payment Service Providers (ASPS),” Rambus Payments Director of Product Marketing Andre Stoorvogel told Rambus Press in July. “Account Service Payment Service Providers manage the consumer account, while Account Information Service Providers are service providers with access to the account information of bank customers. Whereas customers had to be authenticated on different systems for each bank, AISPs have access to those accounts and act as a portal to the customer. Moreover, the AISP has the overview of the behavior of the customer. This creates new business models as well as the opportunity to get closer to customer needs.”
In addition, says Stoorvogel, because PSD2 offers support for Payment Initiation Service Providers (PISPs), the merchant can directly access the issuer using APIs to request authorization, cutting out all parties in between. This cleaner method of integration supports P2P payments, direct billing and reduced interchange fees.
Perhaps not surprisingly, PSD2 is expected to pose multiple challenges for banks, including increased IT costs due to new security requirements and opening of APIs, as well as revenue reduction linked to interchange fees and reduced market share. Although banks will need to rethink and redesign their services and business models, Stoorvogel emphasizes that financial institutions will have the opportunity to collaborate with FinTech companies to create a new generation of mobile payment platforms.