The new payment directive in the EU has the potential to affect global eCommerce players right here in America. There are big changes to follow in the coming years in the world of eCommerce payments in Europe. The final elements of PSD2 regulations (the Payments Services Directive #2) become fully implemented later this summer.
America has historically played catch up when it comes to payments and security innovations implemented in the EU. But, these most recent changes will have far-reaching repercussions. The new payment regulations no doubt will end up having an effect on U.S. merchants and consumers sooner or later.
What is PSD2?
Let’s get a bird’s eye view of what PSD2 is and does. PSD2 aims to expand upon the original Payment Services Directive (PSD1) which went into effect in December 2007. The objective is to regulate payment services and payment service providers and establish a set of regulations for electronic payments throughout the European Union. PSD2 then includes standards that will establish a baseline or framework for data security. The directive will create a set of policies for banks to allow access to consumer banking data by third parties (such as a retail merchant). The access to date is for the purpose of initiating the payment without having to turn to traditional card brand networks as well as requiring higher security standards for eCommerce payments.
Where does PSD2 apply?
The standards set by the directive applies to any payment where any leg of the payment is within the European Economic Area, including any payment entering or exiting the EU. The majority of PSD2 standards went into effect last year on Jan 13, 2018, with the final installment of regulations, SCA (strong customer authentication), requiring compliance by Sept. 14, 2019.
These Strong Customer Authentication security standards will create a platform for stronger authentication and help to reduce fraud. SCA or two-factor authentication increases security and creates more challenges for fraudsters. SCA requires at least two of the three forms of authentication be used in payment transactions. The three forms of authentication are: Knowledge-a password or token, Possession-a mobile phone or device, and the customer themselves- a biometric such as facial recognition or fingerprint recognition.
This will ultimately increase security and lower fraud incidence. This is based on the sheer fact that thieves will face more challenges trying online credit card fraud.
What is the main goal of the measure for the EU and will America eventually follow suit?
The European Commission (EC) created PSD2 with the intention of establishing a more open banking system. A more open banking system would attract non-banks as well as Fintech companies. The primary goal is to give payment providers more direct access to data. This data includes customer account information, with consumer permission of course, in order to stimulate competition and level the playing field. The inclusion of third party corporations will undoubtedly facilitate innovation allowing for better security and reduced fraud as well as enhance the user experience.
New solutions that will benefit both consumers and merchants can only be achieved by opening up access to this data for online payments.
Many businesses operate in multiple countries and consequently have bank accounts in different countries with various currencies. The access that PSD2 will deliver with its Account Information Service Provider (AISP) API will provide a more holistic and consolidated view of the merchant’s different accounts. They will see all account information in one place and in real-time.
Why do we care about PSD2 here in America?
Well, first of all, there is a chance we could see an increase in fraudulent activity here in the U.S. directly following the deadline for SCA compliance. It is common for online fraudsters to move wherever they can circumvent the rules. Which often means moving to an area with the least strict requirements.
PSD2 will have far-reaching effects on the rest of the world. Not only does it set standards for authentication, but it also completely changes the landscape of payments and open banking.
The U.S. and other countries will be watching the implementation and success of a more open banking system in the EU. Then they will likely turn to that baseline for their own standard practices for open banking for the future.
PSD2 will affect banks and merchants alike.
PSD2 also has the potential to affect how U.S. businesses conduct cross-border commerce with other countries. US banks will want to utilize SCA in order to step up against the increase in fraud here in America. But, banks also want to continue to create a frictionless buying experience for their customers. Any US bank that has a presence in the EU will be required to abide by the PSD2 regulations.
One directive in PSD2 bans the practice of surcharging any transactions that involve a consumer’s credit, debit, or prepaid card. This is a practice that has become quite common for U.S. merchants as a way to offset payment processing fees. So you can be sure Merchant Service Providers and merchants alike will be watching.
PSD2 allows corporations to integrate with third-party providers to gain access to payment information data in order to initiate payments directly from customers’ bank accounts. Because of this, the model could be very interesting to titans such as Facebook, Google, even Amazon. It could allow them to become Payment Information Services themselves and easily integrate in-app sales with their existing applications. Not only is the data valuable, but so is the opportunity to create competition to interchange fee-based payment models we use currently.
Protecting data is the cornerstone of a “sharing economy”.
Initiatives like GDPR and PSD2 regulations, which support the idea of a “sharing economy”, will ultimately become a global standard. Financial institutions, Fintechs, banks, and merchants need to be ready for the changes that will inevitably come from the EU Directive. Especially considering how important data has become in our economy. We’re realizing the current model of data ownership and usage does not, and could not, effectively realize it’s inherent value.
As a thought leader and innovator in the payments space, Bankcard Brokers is always keeping a close eye on changes and innovations being made here in America and abroad. For more information regarding how your business may be affected by the new PSD2 directive, give us a call today.