What is the PSD3 Directive?
The Payment Services Directive 3 (PSD3) is a proposal by the European Commission to update the current European Payment Services Directive 2 (PSD2), with the aim of strengthening the protection of digital payment users and establishing an integrated and efficient regulation for financial services.
On 28 June 2023, the Commission presented these proposals in a press release; once adopted, they will officially trigger PSD3.
In this article, we will explore in detail what PSD3 is and why it is important for businesses processing online payments in the EU. We will also look at the highlights of PSD3 and how it will impact the payments industry.
PSD2 and PSD3: Taking stock and prospects for the future of payment services in Europe
In 2018, the European Payment Services Directive 2 (PSD2) gradually came into force, revolutionising the financial world with the introduction of “Open Banking”. This regulation has brought greater security, ease and efficiency to online transactions, thanks to measures such as strong customer authentication (SCA) to reduce payment fraud.
While PSD2 has made significant progress, there are still challenges to be addressed. In response to these challenges, the European Commission has put forward a series of proposals that seek to improve and modernise regulation, laying the groundwork for the Payment Services Directive 3 (PSD3) and moving from “Open Banking” to “Open Finance”. These proposals aim to bring payments and the financial sector into the digital age, fostering competition, innovation and greater access to financial services while increasing user protection.
PSD3: The highlights
The PSD3 proposal addresses several key issues to improve the payment system in Europe, as summarised in the European Commission’s press release:
- Combating and mitigating payment fraud: PSD3 seeks to implement additional measures to protect consumers and businesses against payment fraud, thereby strengthening security and trust in online transactions.
- Enhance consumer rights: PSD3 establishes stricter requirements to ensure consumer protection in online payments, including strong customer authentication (SCA) and personal data protection in line with the General Data Protection Regulation (GDPR).
- Further level the playing field: PSD3 aims to promote greater competition and level the playing field between banks and non-banks, which will foster innovation and expand choice for consumers and businesses.
- Improve the functioning of Open Banking: PSD3 aims to improve the user experience and reliability of Open Banking APIs, simplifying the application of strong customer authentication (SCA) and promoting the adoption of Open Banking services by businesses and consumers. It thus facilitates better access to account-to-account (A2A) payments for businesses.
- Improve cash availability: PSD3 aims to ensure the availability of cash in shops and through ATMs, which will ensure that consumers have access to convenient and secure cash payment options.
- Strengthen regulatory harmonisation and compliance: PSD3 seeks to strengthen regulatory harmonisation and compliance across the EU, ensuring that businesses comply with established requirements and promoting consistency in the online payments market.
- Sharing financial data beyond payment accounts: PSD3 proposes to share customer financial data beyond payment accounts, which will enable a more complete view of users’ financial situation and facilitate the development of customised corporate treasury solutions.
These highlights reflect PSD3’s intention to address existing challenges and improve the security, transparency and efficiency of payments in Europe, benefiting both consumers and businesses.
New IBAN/name verification requirements
One of the most prominent proposals in the legislation is the extension of mandatory IBAN/name checks to all SEPA credit transfers, instead of only instant SEPA credit transfers as set out in an earlier legislative proposal. This will require the receiving bank to verify whether the unique identifier (IBAN) and the name of the beneficiary provided by the payer match.
This measure aims to combat payment fraud and provide greater security and protection for consumers. However, it poses technical challenges for traditional banks relying on legacy systems, as they will need to adapt their systems to handle the volume of IBAN/name verification queries instantly and efficiently.
Improvements to the Open Banking APIs
Let’s look in more detail at this aspect, one of the PSD3 highlights mentioned above.
PSD3 seeks to address these issues. The proposal includes simplifying the implementation of strong customer authentication (SCA) in Open Banking. Instead of requiring SCA for every access to account information and every payment initiation, PSD3 will make SCA mandatory only for the first access to account information.
In addition, PSD3 will require payment service providers (PSPs) to ensure that all users can benefit from SCA methods tailored to their needs and situations, without relying on a single technology, device or mechanism, such as the possession of a smartphone.
These enhancements aim to provide a more seamless user experience and improve the reliability of Open Banking APIs, which will promote greater adoption of Open Banking services by businesses and consumers.
How to successfully prepare for the impact of PSD3
PSD3 implementation can present challenges for businesses, such as complexity of requirements, changes in business processes, investments in technology and resources, and balancing security and user experience.
Businesses processing online payments in the EU will need to comply with strong customer authentication (SCA), protect consumers’ personal data and comply with privacy regulations such as GDPR. In addition, PSD3 will allow access to payment accounts and payment initiation services by new players in the market, which will foster competition and innovation.
To prepare for PSD3, businesses need to familiarise themselves with the requirements and take proactive steps by planning and preparing in advance. This involves educating staff on the changes and implications of PSD3, assessing and upgrading existing infrastructure and systems, collaborating with payment service providers and fintech solutions, and reviewing and updating policies and contracts to ensure PSD3 compliance.
Since the first PSD1 was introduced in 2007, the financial landscape has changed and advanced by leaps and bounds, driven in part by digital transformation. This has highlighted the need to adapt the legislation to reality in order to maximise the potential and opportunities of Open Banking and Open Finance.
Thus, in 2018 PSD1 was replaced by PSD2 and soon the latter will be replaced by PSD3.
Although it is still too early to know when this third revision will come into force, following the latest press release and the intention to put the proposals into effect, it is expected that the European Commission will draft the legislation in the coming months and that, after its approval, each EU/EEA country will have a deadline to transpose it into its national legislation.
Although we are still at an early stage, taking into account that the time it took for PSD2 to replace the first PSD was 5 years, it is estimated that PSD3 will enter into force in 2026 or even later.
Once PSD3 is decided and ratified into law, after an implementation period both businesses that accept electronic payments and the banks and financial institutions that process and manage them will be obliged to comply with PSD3. Considering that European countries had two years to incorporate PSD2 into national legislation after its approval by the European Commission, and that businesses had two to three years to fully comply with PSD2 after that, unless the process is accelerated, it could take a minimum of three years before PSD3 becomes EU law and businesses have to fully comply with it.
The Payment Services Directive 3 (PSD3) is a significant regulation that will strengthen the safety and security of online payments in the EU. Its implementation will require businesses to meet stricter customer authentication, data protection and compliance requirements. Fintech solutions will play a key role in helping businesses comply with PSD3 and improve the security of their online financial transactions. By preparing adequately and collaborating with trusted providers, businesses can adapt to regulatory requirements and take advantage of the opportunities that PSD3 offers for a more secure, transparent and efficient online payments environment.
Snab: your partner in PSD3 compliance and the security of your online financial transactions
The European Union’s Payment Services Directive 3 (PSD3) has had a major impact, establishing new requirements for companies that process online payments in the EU. In this context, having a reliable and specialised solution in fintech services becomes essential. Snab is your strategic partner to comply with PSD3 and strengthen the security of your online financial transactions.
Snab, as a leader in enterprise financial management, offers a comprehensive platform for the collection and payment process for businesses. Our platform complies with PSD3 security and data protection standards, giving you peace of mind that your transactions are compliant and protected.
Snab has taken the opportunity provided by PSD2 and the Open Banking concept to offer you a platform that allows you to access your banking information and transactions in one place, centralising your banking and treasury management in Snab in a secure and compliant way. You will be able to synchronise and connect your ERP and all your banks, giving you greater control and insight into your financial movements and eliminating manual tasks and inefficient processes.