What does Payment Services Directive 2 (PSD2) mean for your financial institution?

Berrak Edin
KOBIL
May 31, 2020

Banks and payment service providers (PSPs) across the European Union (EU) and European Economic Area (EEA) are in the final stages of a frantic race. On December 31, 2020, Payment Services Directive 2 (PSD2) will come into full effect. This deadline, set by the European Banking Authority (EBA), is focusing minds across the industry. But what exactly is PSD2 — and what does it mean for your business?

Understanding PSD2

Directive (EU) 2015/2366, otherwise known as PSD2, is designed to develop a “better integrated internal market for electronic payments within the EU[i]”. It sets out security requirements for electronic payments and data protection, transparency requirements for payment services, and the rights and obligations of both users and PSPs.

The first Payment Services Directive came into force in 2007. PSD2 has applied since January 2016. But it is only at the end of 2020 that all involved in the industry must be fully compliant.

The new deadline was in part introduced to allow enough time for banks and financial providers to implement Strong Customer Authentication (SCA)[ii]. This is defined as “authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is)[iii]”.

This obligation means using two of these three features:

  • Knowledge: Something only the user knows, e.g. a password, code, or personal identification number
  • Possession: Something only the user possesses, e.g. a token, smart card, or mobile handset
  • Inherence: Something the user is, e.g. biometric characteristics, such as a fingerprint

From the start of 2021, it will be compulsory for operators in the EU and EEA to use multi-factor authentication.

Other changes that benefit consumers include:

  • A reduced liability for non-authorized payments. Consumers are currently liable for €150. This will fall to €50.
  • An unconditional refund right for direct debits in Euros for up to eight weeks.
  • No more surcharges for using credit or debit cards.
  • A move to open banking via APIs that creates significant opportunities for third-party providers to access accounts and data and to initiate payment services.
  • The introduction of new third-party providers such as payment initiation service providers (PISPs) and account information service providers (AISPs). This is seen as a particularly significant development[iv].

Payment institutions offering payment initiation or account information services will also face a new obligation to have professional indemnity insurance.

KOBIL and PSD2 compliance

All of KOBIL’s solutions are fully PSD2 compliant thanks to our commitment to world-class security. Our PKI technology combines with trusted digital identities and signatures, end-to-end encryption, virtual smart card technology and our Digitanium™ channel to guarantee the protection of all payments and data exchanges.

PSD2 represents a significant opportunity for banks to enhance their services and become more than a bank in the eyes of their customers.

Ultimately, this could mean banks building their own ecosystem, bringing partners and customers together under a single digital hub, such as the KOBIL Super App.

This allows for the efficient orchestration of customer data, a seamless customer experience and an increased range of services and revenue streams.

Visit www.kobil.com or email hello@kobil.com to find out more about how we can help your organization ensure it is PSD2 compliant.

References

[i] https://eur-lex.europa.eu/legal-content/EN/LSU/?uri=CELEX:32015L2366

[ii] https://www.thalesgroup.com/en/markets/digital-identity-and-security/banking-payment/digital-banking/psd2

[iii] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32015L2366

[iv] https://www.bbva.com/en/everything-need-know-psd2/
