On June 28th, the European Commission unveiled its proposed revisions for transforming the EU’s payments law. Known as the third Payment Services Directive, of PDS3, these new regulations aim to strengthen consumer protections and competitiveness in the electronic payments realm.
The European Commission has recently proposed this as a shift toward a more digitally-driven and broader financial landscape. It should enable consumers to securely share their data, providing access to a broader spectrum of improved and cost-effective financial goods and services.
These initiatives are designed with a central focus on boosting consumer interest, competition, security, and trust. However, considering the lukewarm reaction from merchants to PSD2, it begs the question: can we anticipate any substantial shifts?
What is PSD3?
PSD3 is set to regulate electronic payments and the banking environment within the European Economic Area (EEA). The final outline of PSD3 will be determined by the European Commission following a series of consultations.
Mirroring its precursor, PSD2, this new ruleset will govern Strong Customer Authentication (SCA) practices, and improve open banking standards and procedures. The aim is to streamline and secure digital transactions for consumers.
New open finance and banking protocols under PSD3 will govern the exchange of customer data between relevant authorities and the banks where the consumer holds accounts. This includes tax authorities, payment processing entities, and others.
PSR1 VS PDS3: What’s the Difference?
Existing PSD2 rules are being rebranded as the revised second Payment Services Regulation, or PSR1, to accommodate the forthcoming new regulatory alterations. I acknowledge that these terms might seem puzzling, so allow me to delineate the differences:
- PSD2: Existing EU law governing digital payments. Spearheaded open banking, letting customers initiate payments through third parties. It will be annulled once PSR1 and PSD3 take effect.
- PSR1: New Regulation is set to supersede PSD2. Encompasses specific proposals regarding API performance, simplified authentication rules, risk-based fraud prevention strategies, and more.
- PSD3: This is the forthcoming directive from the EU Commission. It is particularly focused on the licensing and authorization processes for payment and e-money institutions.
Shifting payment rules from PSD2 rules to PSR1 is designed to foster a more unified payments marketplace. It should markedly reduce disparities and inequalities between member states. In contrast, PSD3 primarily zeroes in on the licensing and authorization for payment firms.
What are PSR1 & PDS3 Meant to Address?
This highly anticipated proposal outlines several crucial alterations and advancements that are set to influence third-party providers, banks, payment service providers (PSPs), and merchants. In short, the broad aims set out in the proposals include:
#1. Improved APIs for Open Banking
Open banking APIs face several issues, including inconsistent downtime, non-standardized implementation, and insufficient support when problems arise. These issues are addressed in PSR1, which introduces guidelines on API performance and minimum required functionality.
For instance, the issue of payer identity verification. This is a challenge for PISPs since not all banks provide the account holder’s name during a payment initiation. It will be resolved as PSR1 mandates the sharing of the account holder’s name with the PISP before the payment initiation process.
#2. Less Pain at Checkout
PSR1 directly addresses challenges to open banking identified by the European Banking Authority in 2020, paving the way for more seamless user experiences. Now, user journeys for open banking’s Strong Customer Authentication (SCA) must be as user-friendly as online banking.
Under the new rule, users won’t have to face lengthy authentication journeys. They also won’t be required to input their own extensive IBAN for transactions or account access or limit payments to pre-approved or local beneficiaries. Banks will need to adapt their APIs and SCA protocols accordingly, but these changes promise to enhance user experience and boost user adoption rates.
#3. Direct Fintech Access
Before the introduction of PSR1 and PSD3, only banks had legal access to European payment settlement infrastructures. This left payment institutions at the mercy of their banking partners’ decisions. This could range from opting for SEPA Instant to imposing steep fees for instant payments.
However, these new regulations aim to foster competition and innovation by granting equal opportunities to all players. It promises enhanced and more efficient payment services throughout the EU.
#4. IBAN & Name Matching
PSR1 expands the Instant Payments Regulation’s IBAN and name check requirements to all credit transfers. Here, the onus is on the payment providers to verify that the payee account details provided by the payer align with those of the recipient account. Importantly, to avoid redundancy, PSR1 does not mandate this service for payments where the payer is not the one providing the payee details.
#5. Re-Authorization
Due to modifications in licensing and authorization regulations, payment institutions will be required to reapply for authorization from EU authorities within two years after the new rules are implemented. This process is meant to confirm that all firms functioning under PSD3 are competent and reliable, ultimately providing protection for consumers and businesses.
This is Good News
This update represents an encouraging shift for eCommerce and a much-needed refresh to EU payment regulations. The proposed alterations indicate the European Commission’s keen understanding of the practical challenges open banking currently faces, along with viable solutions.
The new regulations might be finalized by 2025 and possibly put into effect by 2026. Nevertheless, it’s premature to declare anything definite at this stage. Observing how these new guidelines shape the course of the coming year will be quite intriguing.