The European Union seeks to create an effective, open and free internal market for goods and services throughout its existence. The development of a single payment market in the EU builds on the robust legal framework of state-of-art legislation. One of the core bills is a new Payment Service Directive (PSD2).
PSD2 applies to payment services provided within the EU. This directive offers many benefits both for customers and for merchants. Firstly, this legislation is reducing fraud rates and increasing trust with consumers. Secondly, the introduction of two-factor authentication makes the payment process smoother. Thirdly, PSD2 creates more online banking and payments options for customers. Moreover, it allows merchants to use new payment aggregators to effectively gather, store and protect consented financial information from consumers.
Where does PSD2 apply?
PSD2 has a broad scope of application – it applies to any payment in the European Economic Area – no matter if such payment begins, ends or even travels through the EEA. Essentially this means that PSD2 is relevant to any business conducting in Europe. This directive applies in both taking payments in person and accepting payments online from customers.
To whom does PSD2 apply?
All the financial institutions operating in payment service directive countries have to follow PSD2. This directive applies not only to banks but also to third-party financial service providers.
According to the PSD2, there are two types of third-party financial service providers – Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). AISP can access and collect consented customer’s financial data and provide account information services during which payment is not initiated. On the other hand, PISP can initiate a payment order at the request of the customer.
PSD2 requires banks to open access to their payment infrastructure and consumer data to AISPs and PISPs. This requirement is an essential prerequisite for open banking.
What are the consequences of non-compliance?
It is important to stress that PSD2 provisions are mandatory for banks and third-party financial service providers. Banks will reject non-authenticated payments, so online businesses will suffer losses if they do not fulfil Strong Customer Authentication (SCA) requirements.
Non-compliance with PSD2 will not increase the risk of losing transaction volume but also can have more severe consequences, especially for payment providers. PSD2 enables national regulators to impose fines and even terminate a payment provider’s license.
Article prepared by Nordigen.com