PSD2 Challenges Leave Norway, Netherlands Playing Catch-Up

Since many European Union (EU) countries have now brought PSD2 and GDPR fully into their financial infrastructures, banks and merchants must prepare for the upcoming Strong Customer Authentication (SCA) rule and its fast-approaching September deadline. EU banks and merchants also face the changes to data security, transparency and privacy that the PSD2 and GDPR regulations have marshaled across the region.

As European countries and consumers move forward with data transparency, other lawmakers and regulators are seeking to do the same. In the latest PSD2 Tracker, PYMNTS looks over how PSD2 is affecting the use of data for businesses and consumers around the world.

Around the PSD2, GDPR World

Meanwhile, consumers are starting to find out just what these new regulations mean for them. Drivers for ridesharing app Uber — among other members of the gig economy — are requesting that the company share data with the drivers themselves. Citing GDPR, the drivers want to see the data that the company collects on them, including location information and the times they have logged in and out of the app.

GDPR is also challenging the ways companies can collect and interact with consumer data, with companies such as Nokia under more scrutiny than ever before. Alleging that the company is not in compliance with GDPR, Finland is examining a Nokia data breach that may have sent personal information to an unknown server.

Merchants in the travel industry, for instance, are dealing with a restructure in the ways payments can be made and accepted under the EU regulation. Since PSD2 now bans typical merchant surcharging, travel companies must approach customers without applying such a fee. The change is just one of many that PSD2 is bringing to payments within the EU.

Solving for SCA’s $100-Billion-a-Year Problem

Speaking of changes to payments within the EU, merchants are about to confront a problem with a potential $100 billion price tag. While businesses within Europe are slowly getting used to PSD2, many of them remain unaware of SCA.

That lack of awareness, and subsequent lack of compliance, could add up for merchants that will need to offer two types of authentication to payers under SCA, Guillaume Princen, head of continental Europe for payments processing company Stripe, told PYMNTS.

To find out just what SCA means for merchants, visit the Tracker’s feature story.

PSD2, GDPR Adoption Challenges

However, while PSD2 and GDPR are crafting significant changes in the EU, many countries in the region have just implemented the data and payment laws. Despite the original deadline for the PSD2 regulation, some countries — including Norway and the Netherlands — only implemented PSD2 into their financial infrastructures a few months ago. This factor puts them behind a few other countries when it comes to readiness for upcoming aspects of the regulation, such as SCA.

Both Norway and the Netherlands, where faster payments have long been the norm, needed to keep customer trust in FIs as third-party players migrated to their countries under PSD2.

To learn how these regions approached these challenges and other barriers to PSD2 adoption, visit the Tracker’s Deep Dive.

About the Tracker

The PSD2 Tracker™, powered by Whitepages Pro, is the go-to resource for monthly updates on the trends and changes regarding PSD2, and other privacy and data protection regulations.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border. Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.