In one blog post this month, Finextra called it “the mother of all European Union banking regulations.” In another, the publication highlighted all of the confusion and misinformation surrounding the legislation.
It’s the revised Payment Services Directive, better known as PSD2, replacing the original PSD that went into force back in 2007. According to analysts, it’s a major piece of legislation that has widespread implications for banks, card issuers, payments players, FinTech firms and more, and yet confusion remains, according to reports.
A client report released by Morrison & Foerster this month, for example, called out this lack of clarity.
“Given its potential impact, it’s surprising how little mainstream coverage PSD2 has received,” the alert’s authors, Simon Deane-Johns and Susan McLean, stated.
EU Member States now have until mid-January 2018 to implement the revised rules. Before this deadline passes, reports and industry analysts have taken it upon themselves to bring the inner workings of PSD2 out of the shadows.
According to reports, PSD2 covers a much broader scope of the payments world than its older sibling. Not only does this legislation affect payments made within the EU, but it also pertains to payments carried out in non-EU currency but by payment service providers that are both within the EU.
It also impacts all payments made in any currency when just one service provider is within the union.
The legislation aims to stay in line with the evolving payments technology landscape, meaning payment service providers that are redefining the industry must pay attention.
According to Morrison & Foerster’s report, perhaps the largest change since the 2007 legislation is the recognition of these third-party payment service providers, which have faced significant barriers to being able to fulfill their actual services.
These third-party players are now encompassed within the scope of PSD2, reports said, with differing requirements for the various kinds of companies.
These servicers, who only provide payment initiation services, for instance, will need to hold a certain level of capital (€50,000), as well as indemnity insurance against regulatory liabilities to protect their clients.
The PSD2 also allows payment service providers to access payment account data from traditional banks. For payment initiators and account information servicers, this is great news: Authentication of a user account will be able to happen in a matter of seconds, reports said, while the bank has already taken care of the Know Your Customer requirements.
Reports also note that this access to bank data means payment service providers will be able to obtain information around an individual’s account history and credit performance more quickly than before.
“AIS [account information services] and PIS [payment initiation services] providers will get the necessary tools to dramatically change the landscape of the financial world,” Finextra stated. “Banks simply won’t be the only players anymore; using their infrastructure, the third parties will be able to offer similar or completely new services to customers.”
This move, however, brings up significant financial security concerns. According to Morrison & Foerster, the PSD2 legislation addresses this with the concept of “strong customer authentication” on top of management and reporting requirements related to fraud and security.
The concept, reports explain, means authentication is based on two separate pieces of knowledge only a user knows or has, requirements that are largely intended to address security concerns of electronic and online payments.
What About B2B Payments?
While much of the PSD2 addresses consumer payments, the knock-on impact is likely to be felt by the payment service providers that also help facilitate business payments — especially for small businesses and especially as the use of electronic payment technologies among corporates continues to rise.
But how those impacts will emerge remains unclear.
Earlier this year, EU officials added new steam to the debate when the European Commission decided that the aspect of the PSD2 that applies to limits on interchange fees on card products will be left in the hands of individual Member States when it comes to deciding whether those rules also apply to commercial cards.
In its conclusion, the law firm addresses how widespread these revised rules could reach.
“The growth in Europe’s FinTech sector shows no sign of letting up, with a steady stream of new entrants creating products and services that challenge traditional payment business models and practices,” the authors wrote.
But there is still much debate to be had — and much clarification needed — to discover how the PSD2 legislation will impact the payment service providers servicing businesses, too.