The European Payment Services Directive 2 (PSD2) which came into force in January 2016 and will apply from January2018 will bring significant changes and opportunities to the payments and banking sectors in Europe and beyond. 

FirstPartner has collaborated on a joint blog post, published by The Human Chain, which summarises why all those in the payments ecosystem should participate in the current European Banking Authority (EBA). Regulatory Technical Standards (RTS) consultation that will be fundamental to the successful delivery of PSD2.

The objective of PSD2 is to make it easier, cheaper, faster and more secure for consumers to pay for goods and services across the single market by driving harmonization, innovation and security. Two of its critical provisions are:

1.       Access to Accounts (XS2A) which will open up access by authorised Third Party Processors (TPPs) to consumer data and banking infrastructure. XS2A will enable new service providers (defined under the directive as Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs), to offer innovative payment and account aggregation services respectively.  This will be facilitated through open APIs and the secure communication standards that the draft RTS proposes.

2.       The requirement for strong customer authentication (SCA) to be applied for all electronic payments in Europe.  This aims to address what is seen by the commission as a failure by the industry to address unacceptably high levels of e-commerce fraud.

A previous paper published by The Human Chain explains why PSD2 should be a major catalyst to innovation and growth in and around the banking and payments industries. 

The Consultation Paper on the draft RTS published by the European Banking Authority (EBA) on 12th August 2016 is fundamental to the successful delivery of PSD2.  It specifies the requirements for and exemptions from SCA,  protection of customers security credentials and standards for secure communication between banks and third party payment and account information service providers.  As such it will have a major impact on consumers' e-commerce experiences and the cost and complexity of integrating with bank APIs. 

Of course, as with all regulation, PSD2 carries risks.  It needs to tread the fine line between encouraging competition and innovation and preventing costly and restrictive technology fragmentation, while protecting consumers and controlling fraud.

In drafting the RTS, the EBA has acknowledged the above challenges and risks and consciously followed a technology and business model neutral, “principles based” approach so as not to restrict payments and security innovation.  While these aims must be applauded, the current draft RTS falls short of getting the balance right between technical consistency, legal clarity and freedom to innovate.   

We and many other players in the industry have real concerns that the way in which the requirements for SCA are defined are in danger of stifling e-commerce growth, whereas the approach to standardising secure communication and APIs leaves too much open to interpretation and conflicting proprietary standards.

Read the full post here and If you are an existing Financial Institution, or prospective PISP or AISP wanting to maximise the opportunities offered by PSD2 and you have not yet prepared your response to the EBA’s consultation we urge you to do so ahead of the 12th October 2016 deadline.