We are currently living in the heyday of open banking, or the convergence of banks, customers, and third-party service providers through the use of application programming interfaces or APIs. Open banking has opened many doors for eCommerce businesses, extending their market from their home countries to other regions. But now that the payment technologies used for open banking have become more sophisticated, the security infrastructure that accompanies them has undergone some necessary evolution, too. This is the context in which the European Union’s Payment Services Directive 2, or PSD2, operates.
What is PSD2?
It all began in 2007 with the Payment Service Providers Directive (PSD), which sought to develop a single payment market in the European Union to promote innovation, competition, and efficiency.
In 2013, the European Commission proposed an amendment, which aimed to enhance these objectives.
PSD2 came into full effect in September 2019, but the European Banking Authority has allowed constituents several time extensions for compliance. As of this writing, the latest extension stands at March 2022. Before the compliance deadline arrives, here’s what banks need to know about the E.U.’s PSD2 regulation. Learn about how your own bank’s PSD2 compliance ties in with the delivery of your corporate banking products.
Your Guide to the Rationale Behind PSD2
The chief provision of PSD2 is Strong Customer Authentication (SCA), which has a dual purpose of decreasing fraud and increasing authorization rates. In practice, this means that a bank’s customer or corporate client must undergo a multi-factor authentication process whenever they use their credit or debit card for online purchases. The process is meant to validate the customer’s identity and their status as an authorized cardholder. Thus, in essence, the rationale of PSD2’s SCA directive is this: improved customer authentication will lead to improved security for each online transaction.
Although there will be some exemptions, merchants that wish to do business in the E.U. must comply with PSD2’s SCA directive for multi-factor authentication. The exemptions include payments for subscriptions and payments with total values under €30. But the exemptions also depend on the gateway, so it’s necessary to brush up on the particulars.
What PSD2 Compliance Means for Banks
There are some essential considerations that banks need to make where PSD2 implementation is concerned. First, acquiring and receiving banks that do business within the European Economic Area (EEA) must know this standard. Similar regulatory requirements may also be issued for payments within Australia and New Zealand in the future.
Second, PSD2 also requires banks to follow the guidelines of ISO 20022 when defining data. That means that a bank looking to meet its PSD2 compliance deadline needs to onboard a technological solution that, by its very nature, already utilizes ISO 20022 base data models.
Third, the extent of authentication required for PSD2 may initially cause a high amount of friction for corporate clients—something that they won’t look forward to, given how urgent it is to make quick and accurate business payments. At the same time, the need remains for banks to incorporate multiple security elements for high-value corporate transactions. If the system is well-implemented, it will be easier for corporate clients to understand that PSD2 serves as added protection to their business and will shield them better from the plots of fraudsters.
How Will PSD2 Affect the U.S. Market?
Although the Payment Services Directive 2 (PSD2) is only being enforced in the European Economic Area (EEA), it will affect U.S. businesses.
Basically, the Strong Customer Authentication (SCA) order applies to all traders doing business in the EEA. So, if your business fits one of the following cases, you may need to implement SCA-compliant transactions:
U.S. entity only, but with E.U. customers and traffic
If your business gets a significant volume of traffic from Europe, setting up an E.U. entity could be a good idea.
U.S. business expanding into the E.U.
Businesses expanding into Europe will need to comply with PSD2 and SCA, so making the transition as soon as possible is helpful.
U.S. headquarters but entities in the E.U.
Any U.S. businesses with entities in the E.U. will need to ensure that their European entities are PSD2-compliant and SCA-ready. Otherwise, you run the risk of declining authorization rates and even rejected payments.
Starting Points for Successful PSD2 Implementation
There are two significant steps that banks can take. The first step is to envision precisely what PSD2 implementation will look like, such as what authentication mechanisms will be involved. The second step is to follow that roadmap for a successful organization-wide rollout. Key points in the implementation include seamless API connectivity with third-party services and preparations to meet PSD2 and ISO 20022 compliance requirements simultaneously.
One thing that will make PSD2 compliance a lot easier on banks is an integration partner. The bank’s tech vendor can guide them through a good solution for corporate transaction processing and lay the groundwork for fully compliant online purchases. In addition, the pressure of overseeing high levels of authentication for transactions within EEA zones will be lifted somewhat thanks to a reliable solution.
There are big stakes for complying with PSD2 and successfully rolling out the SCA directive to your corporate banking operations. For one, you stand to increase both public and regulatory trust in your bank if you demonstrate how serious your institution is about the problem of fraud, especially if it involves high-value corporate transactions. For another, your bank will be regarded as an innovator in terms of the capability and extent of its payment solutions. Both end results will be highly favorable for your bank’s future growth.
Conclusion: The Road Ahead
It will help to see PSD2 compliance as more than just another regulatory headache that your bank needs to deal with. A successful rollout will mean heightened protections for everyone involved in the open banking environment, and it will win you the confidence and patronage of your corporate clients who transact within the E.U.
Knowing that, strive for full PSD2 and SCA compliance, as well as more significant payment innovation within your banking system. This way, your bank, its corporate clients, and its customers will enjoy the full benefits of open banking.