Payment Service Providers Directive 2 or PSD2: what it means for FinTech businesses

In this article, we’ll be discussing about the importance of Payment Service Providers Directive 2 or PSD2 in FinTech.

As the digital era progresses, online spending has become a rising trend all over the world. However, if you are planning to launch a product with electronic payment services, you should learn about Payment Service Providers Directive 2 or PSD2. You will need to make sure that your electronic payment system is compliant and follows the stipulated regulations. In this article, we will dive into some of the important regulations that you will need to follow while launching a product with electronic payment services. 

Payment Service Providers Directive 2 (PSD2)

PSD2 is the second Payment Services Directive that was developed by the nations of the European Union. It regulates all the electronic payment services that are available in Europe in an effort to increase purchasing security. The primary goals behind the directive were to-

• Create an integrated payments market that prioritizes the protection of customers.
• Promote the development and use of innovative online and mobile payments such as through open banking.
• Make cross-border European payment services safer.

The Council of the European Union passed PSD2 on 16 November 2015. PSD2 went into full effect on 14 September 2019, but due to delays in the implementation, the European Banking Authority allowed for a time extension of the strong customer authentication (SCA) until 31 December 2020.

PSD2 enables businesses to retrieve their customers’ account data from the bank. They will also be able to make payments directly during purchase instead of being redirected to a third party like PayPal or Visa. Additionally, PSD2 will involve more advanced identity checks when paying online. PSD2 regulates and harmonizes two types of services, the Payment Initiation Services (PIS); and Account Information Services (AIS). 

• Account Information Services involves the gathering and archiving of data from a customer’s various bank accounts in a single place. This will provide customers with a complete idea about their financial situation so that they can evaluate their expenses and financial needs.
• Payment Initiation Services (PIS) providers enable the use of online banking to make payments online. These services help customers initiate payments from their account to the merchant’s account by creating an interface to bridge both accounts, filling in the information needed for the bank transfer (amount of the transaction, account number, message), and informing the store of the transaction. 

Another major update that can be seen in PSD2 is the introduction of new security requirements called Strong Customer Authentication (SCA)  to minimize the risk of fraudulent online transactions. This involves the use of two authentication factors for bank operations, including payments and access to accounts online or via apps, as well as a stricter definition of what counts as an authentication factor.

Compliance with the Payment Services Directive means that anyone completing payment in the EU over the value of €30 must provide 2-factor authentications. This is relevant for any online payment transaction that takes place in the EU, irrespective of whether the payee is within the EU at the time of purchase.

All online retailers need to make sure that they are compliant with the Payment Services Directive and have provided improved authentication for online transactions over €30. Typically, 2-factor authentication requires the customer to supply a one-time code received via a text, email, or phone call to authenticate their payment.

Although PSD2 will make waves in the online payment market, the extent of the impact will differ between EU member states. It will depend on various factors including existing payment infrastructure (e.g. the availability of a real-time settlement facility); customer behavior (e.g. a greater proportion of debit cards versus credit cards, online versus in-store shopping); existing interchange rates; and the level of usage of alternative payment mechanisms (e.g. PayPal and others). 

Choosing a payment service provider 

While choosing a PSP, it is important that you make sure that they are PSD2 compliant. A lot of these providers have a hosted checkout option that follows the required regulations. By choosing a compliant PSP, you will be able to shift your focus on high-value tasks that support your business instead of worrying about administrative and legal concerns of compliance.

Whether you want to retain control over the checkout experience directly, or you use a PSP without a hosted checkout option, you’ll have to handle implementing 3D Secure 2.0 into your payment flow yourself. But once you do, you’ll be compliant. Some of the popular payment service providers who pledge to be compliant by the deadline include:

• Stripe: A popular payment processing platform that facilitates the transfer of money from a customer’s bank account into your business’s account by way of a credit or debit card transaction.
• PayPal: A worldwide online payment system that supports online money transfers and serves as an electronic alternative to traditional paper methods like checks and money orders. 
• CyberSource: Will be able to support 3D Secure 2.0, which is a crucial part of SCA and PSD2. However, they require their third-party users to upgrade to their latest integration.
• Ingenico: Provides merchants with a comprehensive and innovative range of services and solutions that eliminate payment complexity and make purchasing quick, seamless, and secure for consumers.

Interchange Fee Regulation

The primary goal of the IFR is to cap interchange fees. This refers to the extra fee imposed by banks and payment card schemes. They are not visible to the consumers and neither retailers nor consumers can influence.  These fees are paid by the merchant acquirer (the merchant’s bank) to the card issuer (the cardholder’s bank), as a percentage of each transaction made by the cardholder and form part of the package of fees that merchant acquirers charge to merchants.

Interchange fees are normally set by operators of payment card schemes, such as Visa or MasterCard, or the banking community. To prevent circumvention of the IFR through an alternative flow of fees, the IFR treats the ‘net compensation’ (fees received by a card issuer from a payment card scheme, an acquirer, or any other intermediary) as an interchange fee.

Although the IFR is directly applicable, it offers national discretions in three key areas:

• Member States have the authority to implement lower interchange fee caps for domestic credit card transactions than the caps set out in the IFR.

• Member States can decide to implement lower caps on interchange fees for domestic debit card transactions than the caps set out in the IFR. There are also other flexibilities in the way Member States can apply interchange fee caps for domestic debit card transactions, such as applying a weighted average for a period of up to 5 years.

• Member States can exempt third party card schemes that use issuers or acquirers from caps to interchange fees for a period of up to three years, provided that the scheme’s market share remains below 3% in that Member State.

The advent of the internet has ushered in a new era for consumers. As the popularity of online payments grows, businesses need to adapt by shifting their focus on digital strategies. While launching a product that makes use of digital payment systems, there are many essential factors to consider. The most important one is compliance. Businesses must ensure that they follow all the required regulations before product launch for safe and secure transactions.