PSD2 – the changes and opportunities explained
What is PSD2?
In 2009, the European Union’s (EU’s) first Payment Services Directive (PSD) was designed to regulate payment services and providers throughout the EU and European Economic Area (EEA). The aim was to increase pan-European competition, open up the payments industry to non-banks, and create a level playing field by harmonising consumer protection and the rights and obligations of payment providers and users. New behavioural changes have called for an update on PSD, called PSD2. This will have significant impact on the payment market for all Payment Service Providers (PSPs)and Merchants.
At Worldpay, we’re at the forefront of regulatory activity. Constant contact with the EU and UK regulators and authorities, as well as Open Banking, helps us identify key opportunities so we can advise you on how to take advantage of any changes. Here we’ll guide you through what’s changed and what’s new in relation to PSD2.
PSD2 implies three major changes for merchants:
- Increased innovation through Access to Accounts (XS2A).
- Enhanced security and reduced fraud through Strong Customer Authentication (SCA).
- Improved consumer trust as a result of banned surcharging.
1. Access to Accounts (XS2A)
This is potentially one of the most transformative elements of PSD2. Previously, access to bank accounts was restricted to either the account issuer or unregulated providers using 'screen scraping' and consumer security credentials. Under PSD2, any regulated third party can now access a consumer's bank account with the consumer’s consent. This gives merchants the opportunity to access data and the ability to initiate payments – banks are mandated to provide interfaces to support this access.
This change (also known as Open Banking in the UK) will lead to greater innovation in the payment industry, with new consumer experiences based on Account Information Service Provider (AISP) and Payment Initiation Service Provider (PISP) services. For example, consumers could see all their accounts in one place, or make online payments by bank transfer. Online payments by bank transfer are already very popular in the Netherlands with over 56% of payments made using this method compared with just 20% via card schemes1.
XS2A provides two opportunities for merchants; first, access to bank data will enable the development of data insight tools, allowing merchants to offer more personalised offers. And second, merchants will be able to offer new payment methods using PISP services with lower costs and chargeback risks.
2. Strong Customer Authentication (SCA)
From September 2019, all electronic payment transactions will need to be authenticated by at least two of three possible methods:
- Knowledge: something only the user knows, such as a password
- Possession: something only the user possesses, such as a token or mobile phone
- Inherence: something the user is, such as a biometric (e.g. fingerprint recognition)
SCA (or two-factor authentication) aims to drive down fraud; however, the challenge is implementing SCA without scaring away customers or reducing acceptance rates. Today's consumers are familiar with the seamless engagement and frictionless transactions of experiences such as Amazon and Uber.
But, there are certain exemptions to SCA that will help maintain a frictionless payment experience:
- Trusted beneficiaries
Consumers can whitelist merchants they deem trustworthy with their bank so SCA is not required.
- Recurring transactions
When a consumer makes a regular payment of the same amount to the same business, SCA is only required for the first transaction.
- Low-value transactions
Transactions below €30 will not require SCA.
- Low-risk transactions
Lower risk transactions that have undergone real-time assessment may be processed without SCA.
Real-time fraud management, behavioural analytics and the use of machine learning will become critical to managing a successful payment experience.
Where SCA is required, biometrics will undoubtedly play a major role in providing the best consumer experience. Over 60% of all new smartphones now feature biometric capabilities such as fingerprint sensors, voice or facial recognition. In addition, common authentication methods such as 3D Secure (3DS) are seeing significant change. The new 3DS2 standard now supports the use of biometrics, plus it provides the possibility for merchants to enhance the authentication experience for consumers through improved integration with checkout pages both on web and mobile.
Worldpay can help guide merchants to the best, most seamless payment experiences in this new landscape by managing both risk and acceptance.
3. Changes to surcharging
The previous PSD regulations limited surcharging across all payment methods. PSD2 goes further, introducing a ban on surcharging for all payments where a consumer’s credit, debit or prepaid card is used. The removal of surprise charges at the checkout will increase merchants’ transparency and ultimately build consumer trust.
For certain merchants surcharging was an important component of their pricing strategy to pass on the cost of processing payments which has become more limited with the ban on surcharging. However, there are a number of ways to address the ban, as Charles Damen explains: “It basically means that merchants will either need to include the cost of the payment within the overall cost of the goods or service, recoup the cost in a different way or apply a discount to the cheapest payment method.”
If the ban applies to your business, Worldpay can help you identify the options available.
How will PSD2 affect marketplaces?
PSD2 has applied a number of changes to marketplaces handling payments on behalf of buyers and sellers for goods and services. Worldpay has helped a number of global marketplaces manage their payments. Under PSD1, marketplaces could use the exclusion for commercial agents and thereby avoid the requirement to become an authorised payment institution, but within PSD2 this exclusion has changed and become more limited in scope, making it more difficult for marketplaces to use this exclusion.
There are several options for marketplaces to comply with the new regulation. The most significant option is to become a payment institution, which incurs significant cost and operational and regulatory oversight. The second option is to outsource part of the marketplace functionality, such as payments and customer onboarding to a licenced payment institution.
However, there are other far simpler options than requiring the marketplace to become a payment institution. By reviewing the scope and business model of its service, a marketplace could seek to bring itself within the narrowed commercial agent exclusion in PSD2 and avoid any major changes.
Worldpay can talk you through relevant options to help you find the best solution for your business.
How Worldpay’s PSD2 team can help
At first glance, the new updated regulations of PSD2 may seem like a lot of big changes to tackle and action, but here at Worldpay, we also see the new PSD2 regulations as a starting point for opportunities, which we look forward to helping you implement.
Want to know more about the changes of PSD2 to your business? Worldpay will be releasing a PSD2 e-book very soon, outlining some tips and guidelines on how to react. To make sure you’re fully informed, we’ll be continuously updating our information as PSD2 progresses.
Meet the expert
Charles is SVP Product Strategy at Worldpay, responsible for PSD2 and Open Banking. He holds a dual Bachelor Degree in European Business and has over 20 years’ payments, mobile and Internet experience.
1eCommerce payment monitor 2015 – G/K
Disclaimer: This article is accurate at the time of publication (April 2018)
© Worldpay 2018. All rights reserved. The information is provided on an “AS IS“ basis for information purposes only and Worldpay makes no warranties of any kind including in relation to the content or sustainability. Terms and Conditions apply to all our services. Worldpay (UK) Limited (Company No. 07316500 / FCA No. 530923), Worldpay Limited (Company No. 03424752 / FCA No. 504504), Worldpay AP Limited (Company No. 5593466 / FCA No.502597). Registered Office: The Walbrook Building, 25 Walbrook, London EC4N 8AF and authorised by the Financial Conduct Authority under the Payment Service Regulations 2009 for the provision of payment services. Worldpay (UK) Limited is authorised and regulated by the Financial Conduct Authority for consumer credit activities. Worldpay, the logo and any associated brand names are all trade marks of the Worldpay group of companies.