Analyzing the Revised Payment Service Directive in 2023
Starting back in 2015, The Council of the European Union implemented legislation that resulted in what is now known as the Revised Payment Service Directive, or PSD2. This legislation was intended to spur innovation in payments and help banking services adapt to new technologies.
At its core, PSD2 is a set of mandates for the handling of electronic payment services in Europe. It was designed to streamline payments within the European Economic Area and lay the legal groundwork for a pan-European payments ecosystem. It was also expected to enable faster, more secure cross-border payments, and standardize rights and responsibilities for merchants, consumers, and PSPs.
Learn more about PSD2The latest major update to the PSD2 was in 2019. Experts have carefully monitored the directive since that time. That presents an important question, though: did the legislation work?
The EU Directorate‑General for Financial Stability, Financial Services, and Capital Markets Union recently published a new study exploring some PSD2’s impacts on the market. The purpose of the Commission’s study was to collect and analyze data concerning the current state of the payments market, and examine the PSD2’s “added value” in terms of effectiveness, efficiency, and relevance.
Today, let’s take a closer look at the Council’s findings, and examine some of the successes, as well as some of the areas in which more change may be needed.
Recommended reading
- What is EMV Bypass Cloning? Are Chip Cards Still Secure?
- Dispute Apple Pay Transaction: How Does The Process Work?
- Terminal ID Number (TID): What is it? What Does it Do?
- How Do Credit Card Numbers Work? What do the Numbers Mean?
- What is PSD2? How it Impacts Banks, Businesses & Consumers
- P2P Payment Use in eCommerce Jumps 66% in 2024
Mostly Good News
The study found the regulations to be both relevant and appropriate, even when viewed in retrospect. PSD2 had mainly delivered a beneficial impact, they concluded.
Perhaps more relevantly, there appeared to be no obvious negative effects or consequences from the directive in general. The one exception was in Italy, where the courts found that some newer systems benefitted the payment service provider more than the consumer.
But, while the overall result was positive, the report also identified a number of areas where there is room for improvement. Some of these were potentially due to missteps in the original concept. Many, however, reflected ongoing advances in technology and changes in customer behavior that were not addressed in the directive.
Changing Payment Preferences Among Consumers
One of the dominating – and unprecedented – factors was the covid-19 pandemic, which drove instances of non-cash payments to incredible levels. At the same time, “non-cash” no longer refers solely to payment cards: consumers now have more payment options than ever before. Speaking specifically to eCommerce, new alternatives to online card payments include simplified online bank transfers, BNPL services, and digital wallets like Apple Pay.
In Europe, digital wallets are already used more than conventional credit cards. Still, not all merchants are on board with alternative payment options. The recently published Chargeback Field Report, for example, shows that merchant acceptance of alternative payment methods actually decreased over the last 12 months.
According to the report, the unexpected growth of these new payment methods caused a huge hiccup in the value chain of payments. Pay by bank (PBB) and account-to-account (A2A) payments are also increasing competition in the payment market.
Finding that PSD2 protocols remain relevant is one thing. But, are they as helpful as they could be? To this point, the Council’s study specifically addressed both the efficiency and effectiveness of the directive, as we’ll explore below.
Examining the Effectiveness of PSD2
Some of the positive impacts of PSD2 were proposed as long-term benefits; in many cases, it’s still too soon for the overall effectiveness to be called. Two of the more prominent aims, however, were more immediate.
Leveling the playing field and increasing access to third-party providers (TPP) was one such goal, and the report suggests that this has been a success. The authors’ statistics show a combined annual value of €1.6 billion that has been added to the EU payments market by the inclusion of TPPs.
PSD2 also helped establish the legislative and regulatory infrastructure for Open Banking, which in turn has allowed for increased competition. As a result, the report concluded, legacy banking institutions have been driven to provide innovative consumer products and services to stay competitive.
At the same time, PSD2’s implementation of Strong Customer Authentication (SCA) requirements has improved transaction payment security. SCA facilitated a decrease in fraud levels. On the other end of the equation, certain consumer rights, including reduced liability for unauthorized payments, were also created or strengthened under PSD2.
Overall, the report estimates that consumers saved roughly €900 billion in fraud losses due to PSD2’s improved customer protection measures.
On the other hand, the study also found that the SCA requirement has led to friction during customer checkout. Consumers noted that the experience felt more difficult and cumbersome, often leading to shopping cart abandonment.
Moreover, loopholes in SCA allow fraudsters to circumvent security provisions. The authors of the report agree that the PSD2 has led to increased oversight, but further improvements in supervision are needed.
Is PSD2 Efficient?
The report concluded that the directive had been effective, at least to some extent. From there, the Council collected data on the manpower, time, and financial resources required for the implementation of PSD2. These were then contrasted against any positive or negative changes that resulted.
Overall, researchers found that the benefits generally justified the end result. That is not necessarily a universal assessment, though.
Banks and banking associations, in particular, did not agree with the Council’s findings. An overwhelming majority of those consulted for the study felt that the costs of PSD2 implementation overshadowed any benefits they received. While TPPs established before PSD2 were overall more positive, even they generally agreed with the negative assessment.
To be fair, the study was necessarily taking a wider view. While the heaviest costs of the directive were the substantial upfront investment costs, the benefits — though potentially significant — are materializing gradually.
The study was designed to include both short- and long-term impacts. It therefore projects greater return on investment as time goes by. In reality, it’s difficult to calculate an accurate overall cost-to-benefit picture at this time.
Looking to the Future
It’s tempting to try and label PSD2 as either a “success” or “failure.” However, there’s more nuance to the question; the Council’s report rightfully points out that not all the information is in yet. With some of the positive impacts only now becoming manifest, it’s still too early to even identify all opportunities to tighten loopholes.
Nearly all stakeholders agreed that the PSD2 is well-intentioned. At the same time, most feel they have led to disproportionate, onerous requirements. The study’s authors, however, feel that progress is being made and that the system is merely experiencing “growing pains.”
Neither conclusion is wholly right or wrong, of course. The goal of the directive is to improve the process, and there has been a measurable movement in that aspect. At the same time, the largest benefits have not yet trickled down to those who bore the brunt of the upfront cost.
To address the situation, the Council recommends continued efforts to clarify and solidify the directive. Their suggestions include simplifying the process for consumers to avoid abandonment, clarifying obligations for merchants and FIs (particularly in regard to cross-border transactions), and providing better oversight.
While these are sensible and logical proposals, this approach likely means additional restrictions and legislation. That could be a slippery slope, as simply adding mandates to mandates seldom improves a situation. It will require thoughtful work on the part of the Council to maintain an important balance between necessary updates and a bloated system.
PSD2: An Outside Observation
Payments technology continues to evolve at an almost unimaginable rate, and there’s no indication that will change. Therefore, it’s highly commendable that the Council seems dedicated to regular reviews of the PSD2’s performance.
PSD2 was a forward-thinking concept, but like many such ideas, the directive cannot possibly cover every potential future circumstance. For example, there’s no real attempt to address likely developments such as the introduction of a digital Euro or US dollar, or even a rise in overall cryptocurrency acceptance.
Perhaps worse, fraud protections mandated under PSD2 are already becoming outdated. Criminal fraudsters are consistently honing their technology and their craft, to the point where many fraud management professionals are struggling to keep up.
Our belief has always been that protecting the consumer from criminal fraud is the priority. Unfortunately, consumers are not the only victims. Visa suggests that 75% of the fraud merchants deal with is potentially coming from customers, not criminals.
Referring again to the Chargeback Field Report, over half the consumer respondents admit filing a dispute without first contacting the merchant. As far-reaching as PSD2 is, it doesn’t really address fraud that happens after the fact.
True fraud prevention and risk mitigation require a more comprehensive approach — one that may require the Council to refine the mandate even further.