Europe’s latest electronic payments regulation is about to take center stage.
The revised Payment Services Directive (PSD2) changes how payments will work across the EU, by opening up the financial services industry to more competition.
PSD2 creates the opportunity to access new markets while imposing strict regulations, ensuring anyone handling consumer information or transferring payment data is doing it safely.
The regulation is built around the concept of “open banking,” where compliant businesses can access consumer bank accounts, either to process payments directly or offer other services. The goal is to provide more options for consumers.
Companies wanting to participate will have to work for it; they’ll be required to meet new guidelines for data security, customer authentication and the use of APIs to transfer data.
Under PSD2, service providers that want access to consumers’ banking data will fall under one of two categories: Payment Initiation Service Providers (PISPs) who initiate payments by transferring funds from a consumer’s bank account, eliminating the need to send a consumer through a payment processor such as Visa… and Account Information Service Providers (AISPs) who offer value-added services by leveraging customer bank accounts — for example, by offering an app that tracks your spending.
The goal is to drive innovation of new third-party products and services that use consumers’ existing banking data to help them make payments and manage their accounts. PSD2 creates the opportunity to access new markets while imposing strict regulations, ensuring anyone handling consumer information or transferring payment data is doing it safely.
Who will this impact? Under PSD2, transactions where both the acquiring and issuing banks are based in the European Economic Area (EEA) must meet requirements for Strong Consumer Authentication (SCA). SCA is an extra layer of security for consumer-initiated transactions, helping reduce fraud and chargebacks through multi-factor authentication, for example, receiving a confirmation text on your phone or using physical characteristics like a fingerprint or facial recognition.
Segpay has been gearing up for PSD2 for some time now. We already offer merchants an extra layer of authentication through 3-D Secure (3DS), and we will introduce 3DS version 2.0 before the PSD2 compliance deadline of Sept. 14. 3DS 2.0 includes all the enhanced security features necessary to meet SCA requirements, including shifting fraud liability from merchants to issuing banks. Our policies will be updated to require that all consumer-initiated transactions between EEA consumers and businesses use 3DS 2.0 starting Sept. 14.
So, merchants working with us will be ready for PSD2. However, if you won’t be ready by September, you may be able to buy more time. The European Banking Authority has agreed to a limited extension for compliance. It will work with some payment service providers, merchants and consumers on a limited basis if they meet additional guidelines and provide a migration plan for achieving compliance.
As we count down the days until the curtain lifts on this latest EU regulation, take this time to work with your payments processor to consider how your business will handle the new regulations and work though any last-minute changes.
Cathy Beardsley is president and CEO of Segpay, a global leader in merchant services offering a wide range of custom financial solutions including payment facilitator, direct merchant accounts and secure gateway services. Under her direction, Segpay has become one of only four companies approved by Visa to operate as a high-risk internet payment services provider. Segpay offers secure turnkey solutions to accept online payments, with a guarantee that funds are always safe and protected with its proprietary Fraud Mitigation System and customer service and support. For any questions or help, contact compliance@segpay.com.