The European Commission’s June 28, 2023, proposal for a third Payment Services Directive (PSD3) presents an opportunity to increase payments security, open the door to further innovation and enhance industry standardization.
The initiative is part of a larger global trend toward open finance and increasing competition across financial sectors. According to the commission, PSD3 will prepare the EU’s financial sector for ongoing digital transformation and its opportunities and risks.
PSD2 Laid the Groundwork
PSD2, which went into full effect at the end of 2020, brought forward the requirement that banks allow third-party providers access to customer accounts through APIs. That change acknowledged the dawn of open banking, through which new financial products and services can be built on top of banking infrastructure and data.
PSD2 introduced two major service categories.
- Payment Initiation Service Provider – Provides bill payment, money transfer and other services
- Account Information Service Provider – Provides aggregation and analytics for multiple accounts
PSD2 provides a legal framework for how third-party services access, secure and manage sensitive financial data. It also determines how they are authorized and regulated.
Strong Customer Authentication (SCA) is a crucial tool in ensuring security for payment information. If an online transaction rises above a certain threshold and is not exempt, SCA requires customer authentication to include at least two of the following elements.
- Something the customer knows, such as a password
- Something the customer has, such as a card or phone
- Something the customer is, such as biometrics
The challenges around implementing SCA in the payments industry were worth overcoming because they led to a drop in fraud, according to the European Banking Authority (EBA).
“The EBA has found that the share of fraud by value is three times higher for payments authenticated without SCA compared with payments authenticated with SCA,” according to the EBA.
Consumer acceptance of SCA has been mixed. One survey found 42% of respondents feel safer buying online with SCA, but 21% said SCA made it difficult to make payments. Finding the payments sweet spot between security and speed continues to be critical to building customer trust and enhancing business performance.
PSD3 would build on its predecessor to account for new developments around payment technology, emerging fraud threats and discrepancies in enforcement.
The commission’s proposal has several objectives.
Combat Payment Fraud
The proposal seeks to strengthen fraud protections by building on SCA. It addresses emerging fraud types, such as impersonation, not covered adequately by PSD2.
Improve Payments Capabilities
PSD3 aims to enhance transparency in areas such as account statements and ATM charges. It ensures consumers can safely make domestic or cross-border electronic payments in multiple currencies. It includes rules for how long locked funds may be held and how much payment service providers can block.
Level the Playing Field for Banks and Nonbanks
PSD3 grants nonbank payment service providers access to all EU payment systems.
Enhance Open Banking
PSD3 would improve data interfaces, remove obstacles to open banking services and give consumers more control over data access permissions. Opening payment information is the first step to open finance, in which financial data is accessible through secure channels.
Improve Cash Availability
The measure allows EU retailers to offer up to 50 euros to customers without needing a license or acting as an agent of a payment institution. Certain ATM operators also could operate ATMs without licenses, but they would have to disclose any fees.
Strengthen Consistency and Enforcement
PSD3 would enact most payment rules in a directly applicable regulation to enforce implementation standards and clarify penalties.
Digital Identity Verification Can Fuel Payments Growth
Just as SCA is crucial to PSD2, powerful identity verification will play a central role in PSD3.
The work is already underway to enhance the payments industry, introduce new services and fortify it with strong security and privacy protocols. Organizations that implement agile digital identity verification capabilities into their workflows can position themselves to quickly adjust to PSD3 and other evolving regulations around the world.
Business Verification (KYB)Enhanced Due Diligence Procedures for High-Risk Customers
Identity VerificationProof of Address — Quickly and Accurately Verify Addresses
Business Verification (KYB)How to Verify Legitimate Businesses and Merchants