The new payments directive in the EU has the potential to affect global eCommerce players right here in America.
There are big changes to follow in the coming years in the world of eCommerce payments in Europe now that the final elements of PSD2 (the Payments Services Directive #2) will become fully implemented later this summer. While America has historically played catch up when it comes to payments and security innovations being implemented in the EU, the most recent will have far reaching repercussions and end up having an affect on U.S. merchants and consumers sooner rather than later.
What is PSD2?
Let’s get a bird’s eye view of what PSD2 is and does. PSD2 aims to expand upon the original Payment Services Directive (PSD1) which went into effect in December 2007 in order to regulate payment services and payment service providers and establish a set of regulations for electronic payments throughout the European Union. PSD2 then, includes standards which will establish a baseline or framework for for data security, create a set of policies for the banks to allow access to consumer banking data by third parties (such as a retail merchant) for the purpose of initiating the payment without having to turn to traditional card brand networks as well as requiring higher security standards for eCommerce payments. Where does PSD2 apply? The standards set by the directive applies to any payment where any leg of the payment is within the European Economic Area, including any payment entering or exiting the EU. The majority of PSD2 standards went into effect last year on Jan 13, 2018 with the final installment of regulations, SCA (strong customer authentication), requiring compliance by Sept. 14, 2019. These Strong Customer Authentication security standards will create a platform for stronger authentication and help to reduce fraud. SCA or two-factor authentication increases security and creates more challenges for fraudsters by requiring at least two of the three forms of authentication: Knowledge-a password or token, Possession-a mobile phone or device, and the customer themselves- a bio metric such as facial recognition or fingerprint recognition. This will ultimately increase security and lower fraud incidence based on the sheer fact that thieves will face more challenges when trying to get away with online credit card fraud.
What is the main goal of the measure for the EU and will America eventually follow suit?
The European Commission (EC) created PSD2 with the intention of establishing a more open banking system that would attract non-banks as well as Fintech companies. The primary goal is to give payment providers more direct access to the data that includes customer account information, with consumer permission of course, in order to stimulate competition and level the playing field. The inclusion of other third party corporations will undoubtedly facilitate innovation allowing for better security, reduced fraud as well as enhance the user experience.
New solutions that will benefit both consumers and merchants can only be achieved through opening up the access to this data for online payments.
For businesses that operate in multiple countries and consequently have bank accounts in different countries with various currencies the access that PSD2 will deliver through its Account Information Service Provider (AISP) API will provide a much more holistic and consolidated view of the merchants different accounts in one place and in real-time.
Why do we care about PSD2 here in America?
Well, first of all there is a chance we could see an increase in fraudulent activity here in the U.S. directly following the deadline for SCA compliance. It is common form for online fraudsters to move wherever they can circumvent the rules which means moving to an area with the least strict requirements.
PSD2 will have far-reaching effects on the rest of the world. Not only will it set a standard for authentication but it will also completely change the landscape of payments and open banking.
As the U.S. and other foreign countries keep an eye on the implementation and success of a more open banking system in the EU they will likely turn to that baseline for their own standard practices for open banking for the future.
PSD2 also has the potential to affect how U.S. businesses conduct cross-border commerce with other countries. US banks will want to utilize SCA in order to step up against the increase in fraud but also to continue to create a frictionless buying experience for their customers. Any US bank who has a presence in the EU will be required to abide by the PSD2 regulations. One of the directives included in the roll out of PSD2 bans the practice of surcharging for any payment transactions that involve a consumer’s credit, debit or prepaid card. This is a practice that has become quite common for U.S. merchants as a way to offset payment processing fees and you can be sure Merchant Service Providers and merchants alike will be watching.
Because PSD2 allows corporations to integrate with third-party providers to gain access to payment information data in order to initiate payments directly from customers’ bank accounts this model will be very interesting to titans such as Facebook, Google, even Amazon to become Payment Information Services themselves and allow them to more easily integrate in-app sales into their existing applications. Not only is the data valuable but so is the opportunity to create competition to interchange fee-based payment models we use currently.
Financial institutions, Fintechs, banks and merchants will be more ready for the changes that will inevitably come from the EU Directive if they realize now that initiatives such as GDPR and PSD2 which support the idea of a “sharing economy” will ultimately become a global standard. Especially considering how important data has become in our economy and the realization that our current model of data ownership and usage does not and could not effectively realize it’s inherent value.
As a thought leader and innovator in the payments space Bankcard Brokers is always keeping a close eye on changes and innovations being made in the payments space here in America and abroad. If you operate a global eCommerce site and would like more information regarding how your business may be affected by the new PSD2 directive, please don’t hesitate to give us a call.