The banks in the European Union are obligated to follow the rules established by PSD2. Thus, a new era of banking has begun. How does it change the financial sector in the EU? What is the response from banks? Finally, what does PSD2 compliance mean for regular customers? Read more to learn about the basics of the PSD2 directive.
Although the PSD2 directive was passed in 2018, it has been in the works since 2015. The European Commission and the European Parliament recognized the changing landscape of financial services. Customers are more likely to choose digital banking. With the growing popularity of mobile devices, multiple online banking companies have emerged. Those innovative services, tools, and software solutions are commonly known as fintech – an abbreviation of “financial technology.”
To regulate how fintech interacts with consumers and traditional banking, new rules had to be set. That is how the Payment Service Directive was introduced, and later the Revised Payment Directive or Second Payment Directive – PSD2.
PSD2 – What Is It and What Does It Mean for Customers?
The Second Payment Services Directive, or PSD2 for short, is a catalyst for Open Banking. Open Banking is a term used to describe an innovative, modern approach of providing digital finance services based on Open APIs.
PSD2 details how online banking services are going to work for customers. This includes online payments, loans, insurance, cryptocurrencies transactions, credit card offers, and many more. Every bank or fintech will follow the same set of rules, so the customers always receive the same treatment and quality of service.
PSD2 directive allows fintech companies to offer their products to customers in a secure, easily accessible way. It also shows how these new, revolutionary offers interact with the well-established banks and financial institutions.
PSD2 regulation – what is it exactly?
PSD2 explained in a few words would be a directive that all of the banks in the European Union have to follow.
In a more detailed explanation, PSD2 is a set of regulations that specifies how Open Banking should operate in the Member States of the European Union. This way, we can create a fair, unified European financial market. Every Member State follows the same guidelines. That means banks in the Member States need to be compliant with the PSD2 directive.
PSD2 compliance means that banks release their data in a secure, standardized form through an Open API (Application Programming Interface). Thanks to this, data can be accessed by authorized entities: other banks, financial institutions, fintech, and Third-Party Providers (TPPs).
PSD2 directive determines how banks share the data, what kind of data they can release, whom, and how the data is managed by parties accessing the open API.
What are the key changes?
PSD2 directive brings many changes as it is an unprecedented document in the history of European law. The upcoming years are going to show the real impact it has on the financial market.
We can distinguish four significant changes to the financial sector that are a direct result of PSD2:
Open APIs
Banks with an Open API (so every bank in the EU) can easily cooperate with TPPs. If the TPP requests to obtain information from the bank to provide a service, the bank is obligated to allow it in a way defined by the PSD2. New external services can be created based on the banks’ infrastructure.
To illustrate, let’s take online payment, for example. A fintech that offers an online payment service is a TPP. To make the service possible, it has to have data about the bank’s paying customer. So the fintech creates a plug-in following the PSD2 directive, asks the bank for access to their API, connects, and receives the necessary data. The customer gets the service they were asking for without any additional effort.
Fair competition
One of the main effects of the PSD2 regulation is that banks do not hold a monopoly on financial services. Fintech companies can offer brand new solutions suited to the digital market because they work under the same regulations as traditional banks. This helps in creating a more competitive financial market.
Emphasis on digitization
With the guidance of PSD2 regulation, financial institutions are pushed towards digitization. Banks don’t have to rely entirely on connecting with fintech: they can create digital products of their own and rival the new players in the game.
Stronger protection of customers
PSD2 requires online banking providers to protect their customers with Strong Customer Authentication (SCA). This limits the possibility of fraud. The customer has to go through a multi-factor authentication process to make sure their data is safe. What used to be an option is now obligatory.
PSD2 consumer benefits
For everyday consumers, PSD2 regulation is a sign of an exciting change in what the finance industry offers them. The market is about to get more competitive and diverse since the fight for clients’ attention is getting tougher.
The following fintech services could potentially emerge shortly:
- superbanks – one bank can include multiple services in their web and mobile applications, so the customers don’t have to switch and choose between different apps;
- financial services aggregator – comparing offers from banks is going to be a lot easier thanks to Open API;
- new payment options – whether it is an e-wallet or cryptocurrency, digital payments will become the new norm.
Consumers should keep an eye on what’s going on in fintech. PSD2 directive makes the most revolutionary technology in finance easily accessible.
What is Strong Customer Authentication (SCA)?
PSD2 regulation introduces new possibilities for the financial sector. However, the main goal is to protect customers from fraud and overcharging. That is why banks, fintech companies, and TPPs have to include multi-factor authentication in their development.
Multi-factor authentication means that to use the service, customers need to confirm their identity not just by a password or a PIN code, but also one of the following elements:
- knowledge – something only the user knows (password, numeral code),
- possession – something only the user possesses (smartphone, token),
- inherence – a biometric feature of the user (fingerprint, face, and/or voice recognition).
Strong Customer Authentication requires at least two ways of confirming the customers’ identity, preferably by mixing elements from different categories, e.g., password and token, numeral code and smartphone app, etc.
Strong Customer Authentication makes online banking more secure. It prevents customers from falling into malicious services and unethical industry practices. However, it also plays into the customers’ rights as it makes filing a complaint quicker and more efficient. Customers provide this information only when it is required to complete the desired process.
What is more, using SCA will be mandatory for every transaction over €30. Transactions below this amount are excluded from the Strong Customer Authentication rule.
How is personal data protected?
PSD2 isn’t the only regulation that protects customers’ data. General Data Protection Regulation applies to the companies defined in the PSD2: banks, fintech, TTPs, etc. This means that no data processing can be held without consent from the customer. The type of data processed is specified by the directive. Any other kind of data not specified cannot be processed.
All companies that offer Open Banking services have to comply with consumers’ right to access their data and be forgotten.
When will all of this take place?
PSD2 directive has been coming into life since its implementation in 2018. The deadline to meet the requirements was set for 14 September 2019. Since 2018, the PSD2 regulation has been gradually introduced to the Member States.
It is worth mentioning that each Member State has implemented the Payment Directive rules under its national operators. BinarApps has been a part of creating the Polish API Standard, which describes in great detail how Polish banks are meant to deal with the goals presented by the PSD2 directive.
Summary
PSD2 directive is a set of regulations sanctioned by the European Parliament and the European Commission. It responds to the changing financial market that is heavily influenced by the ongoing process of global digitalization. The creation of PSD2 has been caused by consumers’ behaviors that favor web and mobile technology. PSD2 defines and introduces new financial services providers in the European market – Third-Party Providers (TPPs). These providers are often fintech companies that bring new ways of handling finances. TPPs connect with banks because the PSD2 requires banks to open their APIs, allowing TPPs to obtain relevant information. This change is often described as the era of Open Banking. PSD2 directive requires the Open Banking sector to use Strong Customer Authentication for consumers’ safety. For them, the PSD2 regulations open up the door to more diverse, fair, modern financial solutions that fit their lifestyle needs. The services are offered in a way that protects their rights and personal data. With PSD2 being a mandatory rule from 2019, we can now observe how it changes our financial services providers.
October 1, 2020
