The PSD2 is Coming. Here’s What You Need to Know.
No policy change coming in 2018 promises to disrupt the payments industry more than the Revised Payment Services Directive, or PSD2. The EU directive, which takes effect beginning in early 2018, opens a world of new opportunities for consumers and businesses. But like any major policy change, there’s a lot of uncertainty involved.
Let’s delve into the new PSD2 and see what benefits—and new vulnerabilities—you should expect.
The PSD2: Explained
The Revised Payment Services Directive is a proposal adopted by the European Parliament in October 2015. Under the new rules, both consumers and businesses operating in the EU will be able to use third-party services to fill many of the roles previously restricted only to banks.
Players like Facebook and Google, for example, are now free to offer services like integrated bill pay, funds transfers, and analytics. Banks and card schemes are no longer insulated from competition with PSD2 in place; the field is open to any entity willing to offer financial services.
The European Commission drafted the PSD2 protocol with three specific goals in mind:
The Revised Payment Services Directive promises to simplify commerce and banking online. This sounds good, but we must ask: can there be unintended negative consequences?
PSD2, the Digital Single Market, GDPR…whether you’re in the EU or not, these policies will profoundly impact your business. Click below to find out how.
The PSD2 introduces opportunities for new payment initiation service providers (PISPs) to bring products to market. With PISPs, consumers have the option to make payments direct from their bank accounts, rather than using a credit or debit card as an intermediary. Many hail this as an opportunity to upend the card schemes’ hegemony over payments and open the market to greater competition, but it also introduces new uncertainties:
Consumers’ rights to file chargebacks on credit and debit card purchases are guaranteed under the Fair Credit Billing Act of 1974. It’s not clear how chargebacks will work with a PISP, though. After all, these are not credit or debit card transactions, so there’s no guarantee that a service provider will be able to enforce a chargeback.
Chargebacks are widely abused and employed in committing friendly fraud, and they are desperately in-need of an update for the eCommerce age. That said, chargebacks are still an important consumer protection tool, guaranteeing that consumers won’t pay the price for fraud.
It may shake consumer confidence if a PISP is not prepared to handle the same volume of chargebacks as existing card schemes, while creating other unforeseen problems for merchants.
PSD2 also mandates that online payments employ 2-factor authentication. While experts have advocated for adopting 2-factor authentication tools like biometrics for years, it’s not as simple as it looks.
The European Banking Authority suggests that their regulatory technical standards should be viewed as formal guidelines for implementing these tools. But the final draft of these standards will not be published until the end of 2018. The gap between the beginning of PSD2’s adoption and the finalizing of regulatory standards creates a gap for criminals looking to take advantage of inconsistent policies.
The regulatory standards also mean merchants won’t be able to implement customized fraud prevention tools based on personal risk assessment. In terms of security, the standards prescribe what a merchant must have…regardless of whether they need it or not.
Effect on Non-EU Merchants
“So what?” you may be asking, “I operate outside the EU.” Be prepared: the PSD2 will affect your business, no matter which side of the pond you call home.
These standards still apply to so-called “one-leg transactions,” or transactions in which at least one party is in the EU. Thus, merchants in North America will need to abide by these rules if they want to do business with consumers in EU member states. Given that EU citizens spent $720 billion online in 2017—more than 50% higher than the total spent in the US—most merchants would be very resistant to give up EU market access. That’s the power of the EU in terms of global policy.
Positive Change, but Uncertain Adoption
Overall, the PSD2 is a positive step forward for global eCommerce; the directive promises to improve and standardize security across the board, and to promote greater innovation and competition. However, the scope of this policy update still leaves us with uncertainties.
Rational and well-intentioned revisions can often have negative consequences. Think how EMV adoption in the US led to a surge of post-EMV chargebacks for eCommerce retailers, or how the Digital Single Market threatens to turn Europe into a “walled garden” for eCommerce.
There will still need to be a consumer fraud protection mechanism in place under PSD2. It’s not clear yet whether that means adopting existing chargeback policy to a post-PSD2 environment, or creating a new consumer protection practice. Either way, we recommend that you insulate yourself against any potential negative ramifications from this update; that way, you can enjoy the added benefits of widespread standardization, without any of the risk. Click below to find out how.