Regulators of EU and UK markets have implemented sweeping overhauls to international payment regulations. The goal was to standardize the payments space and provide a more centralized standard for the digital commerce ecosystem. The revised Payment Service Directive, or PSD2, is one major regulation that was introduced within recent years.
PSD2 should have opened a world of new opportunities for consumers and businesses. Did it deliver, though?
What is PSD2?
The Revised Payment Services Directive (PSD2) is a ruleset administered by the European Commission. Its purpose is to regulate payment services and payment service providers throughout the European Union and European Economic Area. This would allow new entities to operate as financial institutions with proper oversight.
As an update to the original legislation, PSD2 furthers the EU’s quest for a more integrated and competitive market. To do so, it breaks down barriers to entry for new payment services and focuses on greater data security standards. It mandates Strong Customer Authentication standards and expands overall consumer rights.
The directive limits costs associated with card payments and mandates better fraud protection for consumers. At least, in theory.
In reality, the new directive seems a secondary plaster applied to an increasingly fractious foundation. While the push for standardization is certainly warranted and far overdue, PSD2 is sure to preclude other updates that will come soon, too.
More on this later. Now, let’s have a look at the changes PSD2 has wrought.
What Has Changed Under PSD2?
Perhaps understandably, consumers have trust issues with third-party payment providers, even when the popularity of BNPL options like Klarna and Affirm increases year after year. Seeing the profitability and long-term viability of such options, PSD2 proposes to bridge the gap.
PSD2 allows for more open banking. For example, sites like Apple, Facebook, and Google can now offer their users a host of new financial services. Pan-account benefits include checking balances across platforms, making online payments via direct bank or account transfer, and accessing one account from another.
These services can be specific. Or, they can be provided all within the same platform by an account information service provider (AISP) or a payment initiation service provider (PISP).
- AISP: These are service providers who—at the bank customer’s request—can gain access to that customer’s account data. That access could be used to analyze a specific user’s spending patterns, either for a single bank or collectively across the customer’s accounts in multiple banks.
- PISP: These services can provide transfers without the bank’s direct involvement. Common examples include peer-to-peer transfers or centralized bill payment services. Again, the customer would be able to access any bank accounts from the same platform.
Open banking facilitates faster credit approvals and transactions with fewer restrictions and better cross-agency communication. That said, this pluralized information sharing can have some downsides.
There’s more uncertainty surrounding fraud and chargebacks, for example. Also, what if your business isn’t cross-payment compatible?
What Exemptions Are Allowed Under PSD2?
Essentially, everyone who takes or manages payments in the EU or UK must be PDS2-compliant for a majority of payments. However, a few exceptions to the rule may apply.
Possible SCA exemptions include:
- Low-Risk Payments: Payments below €30.
- Fixed-Amount Subscriptions: SCA only applies to the first transaction.
- Trusted Beneficiaries: In effect, businesses that are considered a ‘trusted source’, like a utility provider, etc. The customer’s bank maintains the list.
- Corporate Payments: Charges made on behalf of a more central agency, such as corporate travel, meals, hotels, etc.
- Payments Made With Saved Cards: The customer will always need to authenticate every transaction, and the bank still reserves the right to decline.
Other exemptions may apply in the future. For now, though, this is it. While these exemptions offer some respite from wholesale compliance, merchants are still unenthused about the changes.
Merchant Issues With PSD2
Building upon the strengths of the original Payment Service Directive while attempting to address issues that inhibited cross-country payments, PSD2 was intended to streamline the speed and processing power of banks and payment providers across the board.
More payment providers are entering the financial services market. PSD2 sought to level the playing field. The new rules invite third-party entities to the fold in order to facilitate pan-European competition, increase payment protections, and standardize regulations.
Still, certain built-in inefficiencies have carried over to the updated version. In some ways, PSD2 simply failed to effectively solve all the issues it was designed to address. For instance, cross-country and third-party payments are still problematic. SCA anti-fraud efforts have led to upticks in false declines and increased abandonment, and overall, the measure has failed to achieve the standardization it sought at the outset.
From a merchant’s perspective, there are three main points at which PSD2 adoption has negatively impacted operations:
#1 | Customer Experience
Under enhanced PSD2 and SCA security measures, merchants struggle to find ways to provide a frictionless experience. While SCA measures are necessary, merchants are struggling to implement the new regulations without destroying consumer confidence.
#2 | Chargebacks & False Declines
The added anti-fraud measures are proving problematic for false declines and other issues. Also, customer disputes are different with PISPs. Since these are not credit or debit card transactions, there’s no guarantee that a service provider can resolve customer disputes when goods or services aren’t received.
Another significant concern is that PSD2 compliance increasingly relies on 3-D Secure 2.0 technology. 3DS tends to trigger issuer declines to combat fraud. Due to this, merchants are feeling the backlash in their conversion rates. These issues will almost certainly have an impact on the overall number of global chargebacks.
#3 | Non-EU Merchants
PSD2 will affect businesses on both sides of the pond. Merchants in North America are obliged to abide by some (though not all) of the new regulations to access consumers in EU member states.
Despite merchant conversion rates, chargebacks, or other concerns that deeply affect global markets due to the regulation, PSD2 is the law of the land.
It remains to be seen how this will pan out in the long term. For now, financial institutions would be wise to be wary of these new developments, and act accordingly.