The Payment Services Directive (PSD) is a European regulatory framework introduced in 2007, aimed at protecting consumers and promoting innovation in the payment services sector.
PSD2, which came into effect in 2018, brought significant changes to online payment processes and digital identity management. It enabled an open banking ecosystem, which spurred the growth of new companies and services within the sector. Now, the European Commission has proposed PSD3, which seeks to update and enhance the existing regulations.
This new revision impacts everyone, so both consumers and businesses need to be aware of the important changes introduced by PSD3. It’s crucial to adapt to the new regulatory requirements and seize the opportunities the payments market offers to various service providers.
What is PSD3?
PSD3 is the third iteration of the Payment Services Directive. It is a set of regulations designed to update previous versions within the payments industry, focusing on three key pillars:
- Enhancing consumer protection against potential risks and abuses,
- Improving security and transparency within the payments industry,
- Promoting competition in the payment services market, making it easier for new companies to enter.
PSD3, therefore, revises and updates PSD2, the Second Payment Services Directive.
These regulations aim to ensure that payments between different Member States are as seamless and secure as domestic ones by establishing common standards and laws for electronic payments within the EU.
Key Features of PSD2
One of the most significant features introduced by PSD2 was Open Banking, which required banks to open up their payment infrastructure to third-party providers (Third Party Payment Service Providers, or TPPs). This move has fostered the growth of new fintech companies.
Additionally, PSD2 strengthened security for customers by implementing Strong Customer Authentication (SCA), which requires at least two factors of authentication (multi-factor authentication) when authorising a payment or transaction.
What are the key changes in PSD3 compared to PSD2?
PSD2 was a significant step forward in opening up the payments services industry, and PSD3 builds on and strengthens the same areas already covered by PSD2, such as Open Banking and operational transparency, fostering fair competition in payments.
However, there is a fundamental difference between the two revisions: PSD3 focuses on enhancing consumer rights. Consumers are the central pillar of this new version of the Payment Services Directive.
In addition to supporting consumers, PSD3 aims to adapt to technological advancements, addressing new forms of fraud such as identity theft.
Some of the most important changes introduced in PSD3 compared to PSD2 include:
- Enhanced Security: PSD3 imposes stricter requirements for digital payment security, including multi-factor authentication and risk management. Besides promoting the use of biometrics as an alternative authentication method, it will also facilitate information sharing between businesses and payment issuers (banks), such as location data, the device used for the transaction, and spending habits, to better assess the risk of each transaction.
- Transparency and Accessibility: PSD3 requires banks to create a control panel that allows customers to manage and revoke access permissions to their data easily. This will improve transparency and strengthen customer trust in the open banking ecosystem. Guidelines have been included to promote the accessibility and usability of payment services, with biometric payments emerging as a simple, accessible, and robust method for authorising transactions.
- Consumer Protection and Accountability: PSD3 introduces measures to protect consumers from potential risks and abuses, such as refunding unauthorised payments and safeguarding personal data. Card networks (like Visa or Mastercard), payment gateways, and technical service providers will be held accountable for fraud if they fail to apply proper Strong Customer Authentication (SCA) measures when authorising payments.
- Innovation and Competition: PSD3 aims to foster innovation and competition in the payments market by encouraging the creation of new, more attractive services and products for consumers. Building on the success of Open Banking, PSD3 proposes developing a framework that extends the principles of open finance to a broader range of financial data. This initiative, known as the Financial Data Access (FIDA) proposal, aims to give consumers and businesses greater control over their financial data, allowing them to share it with Third Party Providers (TPPs) to access innovative services
Two-factor authentication is a security process where the user verifies their identity using two out of the following three methods: something you know (like a password or PIN), something you have (such as a card or mobile phone), and something you are (like facial recognition, fingerprints, etc.).
What is Payment Services Regulation (PSR)?
The new regulation is divided into two parts. PSD3 remains a directive focused on regulating the activities of payment service providers and the process of granting licences.
On the other hand, most of the responsibilities that previously fell on banks will now be covered by the Payment Services Regulation (PSR), which will replace PSD2 and be automatically implemented as law across all EU member states.
One key aspect of the PSR is the ban on surcharges for card payments. This aims to protect consumers from hidden fees sometimes charged by businesses, providing greater transparency in payments.
Additionally, the PSR sets rules for managing payment disputes and offers protection against unauthorised transactions and fraudulent activities, creating a safer environment for payment services.
What benefits does PSD3 offer to consumers?
PSD3 brings several significant advantages for consumers, including:
- Increased Security: Stricter requirements for online payment security will help reduce fraud risks and protect consumers from potential losses.
- Greater Transparency: PSD3 mandates that payment service providers offer clear and comparable information about their services, making it easier for consumers to choose the provider that best meets their needs.
- Enhanced Control: PSD3 allows consumers to access their payment information securely and easily, enabling them to make informed decisions about their finances.
What does PSD3 mean for businesses?
PSD3 also has important implications for businesses, such as:
- New Regulatory Requirements: Payment service providers will face new regulatory demands, which may require adjustments to their processes and systems.
- Increased Competition: By promoting innovation and competition in the payment services market, PSD3 may lead to the development of new and more attractive services and products for consumers.
- Greater Accountability: Measures to protect consumers from risks and abuses will require businesses to be more responsible and transparent in their commercial practices.
When does PSD3 come into effect?
The final version of PSD3 is expected to be ready by the end of 2024. After that, the EU typically grants member states an 18-month transition period, meaning it could come into effect in 2026.
Mobbeel and PSD3
At Mobbeel, we offer multi-biometric authentication solutions based on facial recognition and voice biometrics, providing simple and secure mechanisms to strengthen user authentication for payments and transactions.
Additionally, we provide cutting-edge solutions to detect emerging types identity theft driven by new technologies and techniques, such as:
We understand the importance of security in the digital payments environment, especially with the advent of PSD3. However, we must also remember that people are interacting with this technology. That’s why our multi-biometric solutions are designed to make authentication not only secure but also intuitive for users.
Contact us if you want to use cutting-edge AI technology to prevent spoofing and verify your user with biometrics.
I’m a Software Engineer with a passion for Marketing, Communication, and helping companies expand internationally—areas I’m currently focused on as CMO at Mobbeel. I’m a mix of many things, some good, some not so much… perfectly imperfect.
GUIDE
Identify your users through their face
In this analogue-digital duality, one of the processes that remains essential for ensuring security is identity verification through facial recognition. The face, being the mirror of the soul, provides a unique defence against fraud, adding reliability to the identification process.