Whilst the UK is no longer technically obligated to follow EU legislation, the UK and EU payments industry is so intertwined that the UK is likely to come under pressure to review and calibrate our equivalent domestic rules with PSD3. The widely-held expectation is that UK regulators will review PSD3 legislation ahead of its implementation and announce equivalent UK rules to achieve the same, if not better, outcomes for the UK payments industry.
So, how does PDS3 change things for EU firms and what can UK businesses expect when the regulations come into force?
Since the introduction of PSD2 in 2019, the payment services market has seen significant changes. These include the phenomenal growth of electronic payments, the entry of new fintech players, the emergence of open banking and new use cases like instant payments, contactless payments, crypto payments, Buy Now Pay Later (BNPL), embedded finance and Request to Pay.
The EU Commission opened consultations into revisions for PSD2 in May 2022 to measure and review the impact of PSD2 and consider developments in the payments landscape since the introduction of PSD2. As a result of the evaluation, which included advice from the European Banking Authority (EBA), a general and targeted public consultation and a report from an independent consultant, the European Commission decided to propose amendments to PSD2.
We support and simplify your PSD2 strategy to help meet customer expectations for payment safety, speed and convenience and we automate customer authentication (SCA) decisions to support an efficient, strong and PSD2-compliant process. Our suite of solutions helps businesses recognise trusted users and spot suspicious anomalies in near real-time, through passive authentication that supports convenient digital interactions by utilising multi-dimensional digital, physical and behavioural identity intelligence.
PSD2, or the Second Payment Services Directive, is a regulatory framework introduced by the European Union around 2019 to enhance security, innovation and competition in the payment services industry. Some of the main requirements of PSD2 include the implementation of strong customer authentication (SCA), open banking APIs and the establishment of new roles such as Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).
Strong customer authentication (SCA) mandates the use of multi-factor authentication to verify the identity of any consumer accessing their account online, initiating an electronic transaction or executing other high-risk transactions through a remote channel that might carry a risk of fraud. Multi-factor authentication requires that the customer can correctly present two out of three identifying factors:
One of the significant achievements of PSD2 is the promotion of open banking, enabling consumers to share their financial data securely with authorised third-party providers. This has led to increased competition, innovation, and the development of new services and products in the financial industry.
PSD2 allows for the integration of new third-party providers (TPPs) such as Payment Initiation Service Providers (PISPs), Account Information Service Providers (AISPs), and Card Issuer Service Providers (CISPs). This integration enables organisations to offer more seamless and innovative payment options to their customers.
Securing digital payments for Card Not Present (CNP) transactions with Strong Customer Authentication (SCA) has also resulted in a notable decline in card-not-present fraud, according to the European Central Bank.