Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

PSD2 – a regulation for all

By Neil Smith, Head of Issuer Sales & Partnerships, EMEA and APAC at Verifi

It seems that there is always a new, disposable buzz word being thrown around in the finance sector, but PSD2 is definitely not one of them. The introduction of this new financial regulation is a rare example of one that’s impact will be felt extensively across Europe’s financial services industry.

Building on the foundation of the first Payment Services Directive (PSD), which was originally adopted in 2009, PSD2 aims to better protect consumers when they pay online, promote the development and innovation of online and mobile payments including open banking, and make cross-border European payment services safer.

By September 2019, all companies within the EU must adopt the new regulations, which will also lower fees for payment services while encouraging more frictionless payment methods, such as mobile, voice, and fixed internet payment services.

While frictionless payments and greater choice are obvious benefits to customers, fighting fraud is the most urgent issue facing issuers and merchants. In the UK alone, almost three-quarters of a billion pounds were lost to financial fraud across payment cards, remote banking, and cheques in 2018, according to UK Finance.

More specifically, the Home Office and its National Audit Office found that between 2011 and 2016 there were 1.4 million incidents of card-not-present (CNP) fraud. The Home Office has said that by 2019 it “wanted to see a very significant reduction” in CNP fraud, even though it has not been able to quantify what reduction will meet its expectations because “it depends on the solutions.”

Can PSD2 be the solution that the Home Office is waiting for? Broadly speaking, the answer is yes. Customer security is one of the cornerstones of PSD2, requiring merchants to implement strong customer authentication (SCA), such as two factor authentication (2FA) to verify transactions.

PSD2 and merchants

Merchants will now be able to take online or mobile payments by drawing directly from a customer’s bank account. Since merchants will be able to securely access the customer’s bank account for payment, complex authentication processes at checkout might no longer exist nor be easily circumvented by fraudsters.

Both Visa and Mastercard are strongly encouraging banks and merchants to implement 3-D Secure 2.0, which allows biometric authentication and meets requirements of PSD2. In 2019, Mastercard will dictate that merchants must use biometric authentication, known as Mastercard Identity Check. In fact, both Mastercard and Visa will mandate 3DS 2.0 on a market-by-market basis, which will force merchants to support 3DS 2.0.[4] [5]

The time for processing customer complaints has also been cut from eight weeks to 15 business days, so we can expect increased pressure on the chargeback process.

PSD2and issuers

PSD2 introduces opportunities for new payment initiation service providers (PISPs) to bring products to market. With PISPs, customers have the option to make payments direct from their bank accounts, rather than using a credit card or debit card as an intermediary. This means that they lose the protection that their card schemes afford them, so PSD2provides protections to tip the scales in their favour, including:

  • Legislation around the unconditional refund right which applies under SEPA Core Direct Debit scheme
  • With regards to pre-authorisation of card payments, when the final amount is unknown in advance, the payee will only be able to ‘ring-fence’ funds on the payer’s account when the cardholder has approved the exact amount to be blocked
  • Payment Service Providers must introduce dispute resolution procedures and will be required to respond to payment complaints within 15 business days of receipt
  • Member States are required to designate competent authorities to ensure and monitor compliance within PSD2 – this is the FCA in the UK

Retailers also will not be able to enforce a contract term requiring payment of a banned surcharge. In fact, they must repay it. This could well lead to customers initiating chargebacks for the excess amounts via their card issuer. Can we then expect an increase in chargebacks? As the Home Office insinuates, only time will tell.

PSD2 and acquirers

For remote electronic card payments, acquirers can avoid using SCA if their fraud rate (unauthorised transactions/total transactions) is below certain thresholds. For transactions up to €100, frictionless flow is allowed if the acquirers fraud rate is less than 0.13%; for amounts up to €250, the acquirer’s fraud rate must be less than 0.06%; while for transactions up to €500 require a fraud rate that is less than 0.01%

These are certainly stringent requirements and achieving such low rates of fraud can be a challenge for many acquirers that lack the purchase details needed to legitimise the transaction.Therefore, acquirers cannot easily discern “friendly” fraud from “true” fraud. Since only “true” fraud will be used to determine fraud rate, distinguishing “friendly” fraud from “true” fraud will be essential practice, since higher fraud rates will likely result in an increase in SCA demand and decrease the conversion rate for merchants.

If the acquirer uses a Transaction Risk Assessment (TRA) exemption, they have not attempted to validate with the issuer, but instead have opted to conduct their own risk analysis on whether the transaction was performed by the cardholder. As such, if the transaction is disputed, the liability is with the acquirer since they have not asked the issuer for this additional level of validation.

PSD2 and the industry

Card brands such as Mastercard, Visa and American Express have already made great strides towards implementing PSD2. Mastercard has already set out concrete plans, for what it calls a “world, not only beyond cash, but beyond cards as well”with Mastercard Send, an account-to-account transfer service that does not use its traditional card processing system.

But card issuers are only one side of the coin. Given the rapidly approaching PSD2 deadline, the entire payments industry needs to urgently double down on its efforts to improve education and collaboration. From the issuers’ side, it is very important to implement all the exemptions to help customers smooth their transactions.

Implemented correctly, PSD2 will completely change customers’ relationships with their money, through a multitude of new services including personalised financial dashboards, lifestyle payment apps, and uniquely tailored financial products and services for each customer.

This is a unique opportunity for the payments industry to make a drastic change to the way it operates, and it cannot afford to miss it. Ensuring that all involved know and understand the revolutionary potential that PSD2 can provide it paramount. This regulation will impact all parties involved in payments from sharing the data of those customers that consent with authorised third parties, to delivering more vigorous safeguards against fraud, it’s a win-win for everyone.