By Sham Visavadia, Solutions Consultant
As of June 28, 2023, the European Commission unveiled a series of proposals designed to revamp PSD2, transitioning it into PSD3, with a broader objective of digitally transforming the financial sector. Concurrently, the Commission released proposals outlining a new Payment Service Regulation (PSR).
The final version of PSD3 is expected to be released at the end of 2024 with a target effective date in 2026.
As the financial landscape continues its dynamic evolution, the introduction of Payment Services Directive 3 (PSD3) emerges as a transformative force reshaping the foundations laid by PSD2.
PSD3, a pivotal regulatory framework, sets out an ambitious agenda aimed at fortifying user protection by tackling fraud types PSD2 was not equipped to handle, introduce a level playing field between payment institutions, e-money institutions and banks in a bid to fostering open banking competitiveness, new enforcement mechanisms for the smooth functioning of opening banking and encourage transparency for both fees and payee details.
What is PSR?
The second legislative act of the European Commission’s proposal focuses on introducing the Payment Services Regulation (PSR), which will encompass all regulations related to payment service provider (PSP) activities focusing in particular on open banking rules, fees and charges for payment services and combating fraudulent transactions.
Key areas PSD3 will tackle:
Spoofing Fraud – New types of fraud have emerged for which PSD2 is not equipped.
For example, PSD3 will go beyond PSD2 tackling new types of fraud like “spoofing” (impersonation fraud), which blurs the distinction between unauthorised and authorised transactions, since the consent given by the customer to authorize a transaction is subjected to manipulative techniques by the fraudster, who for example uses the telephone number or email address of the bank.
The new proposed prevention measures include:
- An extension to all credit transfers of IBAN/name matching verification services.
- A legal basis for PSPs to share fraud-related information between themselves in full respect of GDPR (via dedicated IT platforms).
- The strengthening of transaction monitoring.
- An obligation by PSPs to carry out education actions to increase awareness of payment fraud among their customers and staff.
- An extension of refund rights of consumers in certain situations.
The proposal enables the granting of refund rights in two situations:
- Mismatch – Consumers who suffered damages caused by the failure of the IBAN/name verification service to detect a mismatch between the name and IBAN of the payee.
- Spoofing – Consumers falling victim of a “spoofing” fraud where the fraudster contacts the consumer pretending to be an employee of the consumer’s bank, tricking the consumer into carrying out some actions causing financial damages to the consumer.
Changes coming to Strong Customer Authentication
One of the key points raised about SCA was the cost of implementation for both Merchants and PSPs whilst overall authorisation rates have remained lower than previously indicated.
There will be additional changes and clarifications including:
- Clarification of which types of transactions are exempt from the obligation to apply SCA whilst also including safeguards to ensure payers are protected from fraud.
- Remote payments specific amount and payee must be explicitly linked to the transaction which it is to be authenticated payer.
- Banks holding payment accounts will only apply SCA for the first access to payment account data by open banking account information service providers unless there are reasonable grounds to suspect fraud.
- Reduced friction and Strengthen security for digital wallet transactions, bring processes in line with non wallet transactions
- Ensure SCA is adaptable to all users, in particular none single device reliance i.e. smart phones
Access to banking non-bank Payment Service Providers and Enforcement
The European Commission is keen to introduce a level playing field between Payment institutions, e-money institutions and banks.
The proposal includes PIs as possible participants in designated payment systems. Given the urgency of introducing this indispensable level-playing-field measure, Member States are given 6 months to transpose it into their national law.
Additionally, specific rules and enforcement mechanisms will be provided for Open banking given the importance of national supervision for the smooth functioning of open banking. The European Banking Authority will be granted new intervention powers, providing extra protection for consumers.
Fees and Payee Details
- Transfers from EU to third countries could require the PSP to inform the payment service user about the estimated charges for currency conversion and approx funds transfer times.
- The PSPs must include in payment account statements the information needed to unambiguously identify the payee.
- PSPs will be obliged to provide users with information on all applicable charges made by other ATM operators in the same Member State.
- Card amount-based authorisations must only block a proportionate amount based on the expected final amount.
Looking ahead to the future...
As we stand at the threshold of another evolution in the European payment landscape, the lessons learned from PSD2 underscore the necessity for adaptable and collaborative solutions.
Paydock’s orchestration platform can become a cornerstone in fortifying your payments ecosystem. Beyond merely addressing the challenges of the past, Paydock stands ready to empower merchants and financial institutions with the tools needed to rollout solutions ensuring regulatory compliance and seamless payment journeys.
In an era of dynamic regulatory changes, Paydock serves as a strategic ally, providing the agility and expertise required to stay ahead. As we embrace the transformative journey ahead, we look forward to ensuring that businesses can not only weather the changes but thrive in a secure, transparent, and innovative payment environment. The future of European payments beckons, and with Paydock, it promises to be a future of resilience, collaboration, and unparalleled success.