PSD2 Is Coming — Are Merchants Ready?

From using instant messaging to getting directions and shopping online, consumers are constantly generating a trail of data about their preferences and whereabouts.

However, while all that happens in the background, consumers are growing increasingly wary of how their data is collected and stored. With data breaches making headlines almost every other day, consumers want to know that their data is being protected, and that it’s not being used in ways they don’t approve.

Thankfully, regulators are taking notice, and are passing protection laws like the General Data Protection Regulation (GDPR), enforced in April 2016 and implemented earlier this year, and parts of the Second Payment Services Directive (PSD2), set to take effect in September.

In this inaugural PSD2 Tracker, PYMNTS explores the latest news and developments surrounding data protection and regulation, and whether merchants are prepared for PSD2 to take effect.

Around The PSD2 World

Some businesses are already feeling the effects of privacy regulations.

German social media platform Knuddels.de, for instance, was docked €20,000 ($22,769 USD) over a data breach that reportedly exposed the personally identifying information (PII) of more than 33,000 users, including email addresses and passwords, according to a statement from the company.

Knuddels first reported the breach to authorities in September after learning that nearly 2 million usernames and passwords, along with more than 800,000 email addresses, were posted online. While the fine was slightly lower than experts predicted, the company’s efforts to report the incident and cooperate with authorities helped mitigate the final amount.

“Smart cities” based outside the U.S. could also face fines related to GDPR and PSD2, according to a report from The Telegraph.

These cities could be on the hook for GDPR-related fines if they’re found to have misused data from citizens of the U.K. This comes from the U.K.’s strategic advisor on smart cities, Dr. Jacqui Taylor, who said fines could amount to millions of pounds. Under GDPR, fines could be 4 percent of a city’s revenues or £17.4 million ($22.2 million USD), whichever is greater.

Meanwhile, in the U.S., lawmakers are considering passing and implementing data protections that resemble GDPR.

Recently, at the Aspen Cyber Summit in San Francisco, Representative Will Hurd (R-TX), the chairman of the Information Technology Subcommittee of the House Committee on Oversight and Government Reform, claimed that an American version of the regulations was a possibility. The legislative body is already evaluating the Secure Elections Act and the Email Privacy Act, and California legislators recently passed new privacy laws that will go into effect in 2020.

Are Merchants Ready For PSD2?

With less than a year until the PSD2 deadline, many merchants are still working to prepare for the arrival of the new rules and to make sure they don’t find themselves on the wrong side of regulators.

In the inaugural PSD2 Tracker feature story, Charles Damen, senior vice president of payment strategy at Worldpay, told PYMNTS how merchants can best prepare themselves for the arrival of new regulations.

“The analogy that I often use is that we’re moving from an opt-in model, where the merchant [can] decide whether to authenticate a transaction, to an opt-out model, where every transaction needs that strong customer authentication,” Damen said.

About The Tracker

The PSD2 Tracker, powered by Whitepages Pro, is the go-to resource for staying up to date on a month-by-month basis on the trends and changes regarding PSD2, and other privacy and data protection regulations.