The new PSD2 directive is a fundamental piece of payments legislation in Europe, which entered into force in January 2016 and will go into effect on 14 September 2019.
What is PSD2?
The revised Payment Services Directive (PSD2) aims to better align payment regulation with the current state of the market and technology, and introduces security requirements for the initiation and processing of electronic payments, as well as for the protection of consumers’ financial data.
It also recognizes and regulates Third-Party Providers that are allowed to access or aggregate accounts and initiate payment services.
This is clearly shaking up the payments market, particularly in the ecommerce space, by encouraging greater competition, transparency and innovation in payment services.
In short, PSD2 aims to facilitate consumer access to their banking data and to drive innovation by encouraging banks to securely exchange customer data with third parties.
Security is top-of-mind
To protect the consumer, PSD2 requires banks and third parties to implement multi-factor authentication for all proximity and remote transactions performed on any channel.
This means using two of these three features:
- Knowledge: Something only the user knows, e.g. password, code, personal identification number
- Possession: Something only the user possesses, e.g. token, smart card, mobile handset
- Inherence: Something the user is, e.g. a biometric characteristic such as a fingerprint
In addition, the elements selected must be mutually independent, which means that the breach of one should not compromise any of the others.
Smooth user experience
To ensure a smooth user experience, PSD2 asks participants to put in place security measures that are compatible with the level of risk involved in the payment service, so as to find the right balance between security and user convenience.
To simplify life for consumers, a number of situations were listed for which Payment Service Providers are not required to perform strong customer authentication. Most of these exemptions concern low-value payments, repetitive transactions and transactions to trusted beneficiaries.
PSD2 and open banking
The move to an open ecosystem means removing barriers between competitors as it requires banks to allow their account details and transactions to be shared with third parties through APIs.
This builds a common ground of stronger collaboration and better interchangeability between traditional financial institutions and new fintech players such as savedroid.
And to provide a coherent and seamless user experience, banks will also have to collaborate to define a common approach, at least at a country or regional level.
The market is already adjusting. Banks have stopped being the established lenders and the sole custodians of client information, and this is resulting in a decrease of entry barriers for fintech startups.
Where do we fit in?
“What sets us apart is that we have multiple apps with thousands of users, which gives savedroid a unique insight into how we can continue to improve our digital offering. PSD2 is an opportunity not only to stake our claim but to redefine our offering while having the ability to securely handle our users' financial data and take advantage of a dynamic new market for financial services,” says Tobias Zander, CTO of savedroid.
savedroid is always ahead of the curve with the latest security features. As a regulated entity that is fully compliant with all applicable local and EU legislation, we will introduce PSD2 over the next days. Our users will simply be prompted to update their apps and re-enter their bank details.