The Payment Services Directive 2 (PSD2) is a European Union (EU) directive that was implemented to regulate payment services within the European Economic Area (EEA). It became effective on January 13, 2018, with the aim of modernizing and harmonizing payment services across the EU. PSD2 builds upon the original Payment Services Directive (PSD) and introduces several key changes and innovations to the European payment landscape. Here are some of the main aspects of PSD2:
1. Increased Security: PSD2 introduces strong customer authentication (SCA) requirements to enhance the security of electronic payments. SCA mandates that payment transactions must be authenticated using at least two of the following factors: something the user knows (e.g., a PIN or password), something the user has (e.g., a mobile device or smart card), and something the user is (e.g., biometric data like fingerprints or facial recognition).
2. Open Banking: PSD2 promotes the concept of open banking, which allows third-party providers (TPPs), with the customer's consent, to access financial data and initiate payments on behalf of the customer. This enables innovation and competition in the financial services industry by encouraging the development of new payment services and products.
3. Access to Account (XS2A): PSD2 introduces the Access to Account (XS2A) provision, which requires banks to provide authorized TPPs access to their customers' payment accounts, account information, and transaction data. This access facilitates the creation of new payment initiation and account information services.
4. Account Information Service Providers (AISPs): AISPs are TPPs that offer account aggregation and financial information services. They can access a customer's account data with their consent, allowing customers to view their financial information from various banks in one place.
5. Payment Initiation Service Providers (PISPs): PISPs are TPPs that initiate payments on behalf of customers. With customer consent, PISPs can initiate transactions directly from the customer's bank account, providing an alternative to traditional card payments.
6. Regulatory Oversight: PSD2 introduces a regulatory framework to oversee payment services and ensure compliance with its provisions. National competent authorities (NCAs) in each EU member state oversee and enforce PSD2, while the European Banking Authority (EBA) provides guidelines and harmonization.
7. Customer Consent and Control: PSD2 emphasizes customer control over their financial data and transactions. Customers have the right to grant and revoke consent to third parties accessing their account data or initiating payments on their behalf.
8. Transaction Risk Analysis (TRA): Under certain conditions, PSD2 allows for exemptions from SCA, such as low-value transactions or transactions deemed low risk based on transaction risk analysis.
9. Competition and Innovation: PSD2 aims to stimulate competition and innovation in the payments sector by breaking down traditional banking monopolies and encouraging the development of new, customer-centric payment solutions and services.
10. Complaint Handling and Dispute Resolution: PSD2 establishes procedures for handling complaints and resolving disputes related to payment services.
PSD2 has had a significant impact on the European payments industry, fostering the emergence of new payment service providers and innovative payment methods while enhancing security and consumer protection. It has also set a precedent for open banking initiatives in other parts of the world, driving discussions about data privacy, consent, and the future of financial services.