The payments industry in Europe is bracing for its next major regulatory evolution with PSD3 (Payment Services Directive 3). Following the landmark revisions introduced by PSD2, this new update is poised to address lingering challenges while adapting to the rapidly evolving financial and technological landscapes.

But what does PSD3 aim to change, and why should banks and payment providers care? This post will explore PSD3 in detail, discuss its implications, and help you take proactive steps to prepare.

Why an Upgrade is Needed

PSD2, implemented in January 2018, was designed to transform the EU payments ecosystem by enhancing competition, boosting innovation, and strengthening consumer protections. Its key achievements included:

• Open Banking mandated that banks open access to account data via APIs, enabling third-party providers to create new financial services.

• Consumer Protection with stronger authentication and fraud prevention measures, such as Strong Customer Authentication (SCA).

• Improved Competition by leveling the playing field between traditional banks and new market entrants.

However, despite its successes, PSD2 exposed significant shortcomings:

• Fragmentation across member states, causing inconsistencies in implementation.

• Security Gaps that left room for cyber threats and fraudulent activities.

• Innovation Limitations due to inconsistent API standards and performance issues.

Key Changes Proposed Under PSD3

PSD3 aims to build on PSD2’s foundation while addressing its gaps to meet the needs of an increasingly interconnected and digitized financial ecosystem. It should offer:

Stronger Consumer Protection

PSD3 raises the bar for consumer protection with tighter rules on fraud liability, improved complaint handling processes, and enhanced transparency in fees and terms. This is especially important as consumers demand more clarity and accountability from financial service providers.

Evolution From Open Banking to Open Finance

While PSD2 paved the way for Open Banking, PSD3 sets its sights on open finance by expanding access to a broader range of financial data, such as investment and insurance accounts. Key advancements include improvements in API performance and standardization, greater regulatory oversight of third-party providers (TPPs), and support for seamless data sharing across financial touchpoints.

Enhanced Regulatory Oversight

PSD3 introduces a more centralized EU oversight model, potentially including a single EU rulebook for payments. This aims to reduce inconsistencies across member states and bring more clarity to fintech regulation. By streamlining oversight, PSD3 ensures that all players in the ecosystem are held to uniform standards.

Improved Fraud Prevention & Compliance

PSD3 will tighten controls on remote onboarding, with stricter anti-money laundering (AML) protocols to combat rising cyber threats. KYC standards will also change through real-time transaction monitoring and advanced identity verification tools.

Licensing & Definition Clarifications

The market for payment services has grown very complex, with new players and services emerging all the time. PSD3 refines the definitions of key services like payment initiation and account information, while updating licensing requirements to ensure a level playing field.

Implications for Banks & Payment Providers

The introduction of PSD3 will require significant updates to internal systems, policies, and processes. Whether it’s adapting to new fraud prevention measures or meeting open finance requirements, banks and payment providers should prepare for increased compliance demands.

PSD3’s focus on standardization and enhanced APIs will require technology upgrades. For many, this could mean overhauling existing customer interfaces, fraud monitoring systems, and data-sharing infrastructure.

PSD3 creates opportunities for innovation but also poses competitive threats. Agile fintechs may adapt more quickly, putting pressure on traditional banks to keep up. Partnerships with fintechs could serve as a strategic move to blend the strengths of both worlds.

To stay ahead, banks and payment providers need to invest in Regulatory Technology (RegTech) to simplify compliance. They should also develop open finance strategies to expand their service offerings and capture new revenue streams.

Timeline & Implementation Outlook

While PSD3 is still in the drafting phase, stakeholders across the EU are participating in consultations to shape its final form. A formal proposal is expected soon, with adoption likely in the next few years. Although the exact timeline isn’t finalized, businesses should start preparing now to avoid being caught off guard:

Conduct a Gap Analysis

Evaluate your current compliance with PSD2 requirements to identify gaps that PSD3 might exacerbate. Focus on APIs, fraud prevention protocols, and consumer-facing transparency measures.

Engage With Industry Consultations

Stay informed by participating in stakeholder consultations or joining trade associations that provide early insights into evolving PSD3 standards.

Assess Technology Readiness

Audit your technology infrastructure to assess its readiness for API improvements, real-time fraud monitoring, and open finance integration. Consider partnerships with RegTech providers to fill gaps and simplify compliance.

Building the Future of Payments

PSD3 is more than a regulatory requirement; it’s an opportunity to future-proof your business in a rapidly changing industry. By addressing the challenges of PSD2 and adapting to the needs of today’s financial ecosystem, PSD3 will reshape the payments landscape for the better.

Banks and payment providers that act now to align their systems, strategies, and services with PSD3 will be well-positioned to lead in this new era.