PSD3: what can we expect?
PSD2, the European payment services directive, came into force in 2019. Although this does not seem long ago, work is currently underway on its successor: PSD3. The contours of this are slowly becoming visible. In any case, what can we expect from this new directive?
PSD2 was supposed to be innovative legislation that was to boost competition and innovation in the sector through open banking, among other things. It would also remove barriers for new entrants to the payments market. Specifically for marketplaces and platforms, PSD2 meant they could provide new payment services and solutions to users such as more streamlined check-out processes, instant payments and better security with two-factor authentication, among others.
Wider scope of payment services
Opening up the financial sector with open banking and open finance was certainly progressive. While bigger steps and innovations in this area have so far failed to materialise, we can expect PSD3 to facilitate this even better. Among other things, PSD3 will expand the scope of payment services. Here you can think of extending the coverage of open banking to e-wallets, virtual currencies, Buy Now Pay Later (BNPL) and other new payment methods.
To truly move towards an open finance economy as was already envisaged with PSD2, it is crucial to have a better infrastructure for sharing data between authorised financial institutions. For this purpose, standardised APIs could be prescribed from PSD3. This will promote interoperability, consistency and integration capabilities between different financial systems, which will also boost innovation in the sector.
Strengthen security and authentication
Another important development in line with this is the strengthening of security and authentication. PSD3 is expected to demand more measures to protect customer privacy and security. This can be done through stronger authentication, encryption and standardised consent/approval mechanisms that allow customers to have more control over (sharing) their financial data.
Although PSD2 has also taken measures against payment fraud by forcing third-party providers to use Strong Customer Authentication, among others, this problem is not yet under control. Under PSD3, additional obligations are likely to be put in place for this, such as a reporting obligation for payment service providers to report fraud incidents directly to the relevant regulators and/or affected customers. This should help identify and address fraud cases faster.
The changes mentioned are not exclusive and are rather the tip of the iceberg. Especially when you consider that just the EU document with improvements for the current legislation is over 150 pages. But the general trend is clear: on the one hand, more standards are being introduced under PSD3 to make open banking truly open. On the other hand, the reins are being tightened regarding security, such as in the area of fraud prevention, to create a future-proof directive in that area too.
Directive for PSPs: PSR1
PSD3, incidentally, is not the only directive that will replace PSD2. Indeed, a separate directive will be drafted specifically for the activities of Payment Service Providers (PSPs): the Payment Services Regulation (PSR1). The current proposal for PSR1 sets out specific requirements for authentication, API performance and fraud prevention, among other things. The new directive should additionally improve security through stricter requirements for checking IBANs. For instance, PSR1 requires PSPs to perform a consistency check on the recipient's name and IBAN before a payment is made, at no extra cost.
Although no official implementation date has yet been set for PSD3 and PSR1, and it will certainly take some time before these directives are approved by the EU, it is good to follow the developments. It could represent an important new boost for our industry, and at the same time bring new challenges. We will therefore be sure to share our views on the impact these directives will have on marketplaces and platforms once the final documents are in place.