Since PSD2 entered into force in January 2016, there have been countless discussions on the changes it requires and the impact it might have on businesses all over Europe. Payment processing experts, banking professionals and financial consultants have all voiced their assumptions, enthusiasm and concerns regarding the revised Payment Service Directive.
Even so, at this moment, only 3 months away from the deadline, the requirements seem quite daunting for some. There are still a lot of TPPs, banks or Fintech start-ups that continue to struggle to understand what PSD2 means for their business.
The scope of the directive is to harmonize the payment ecosystem and allow more players to get into the financial space by encouraging innovation, competition and collaboration. At first glance, the customers are the main beneficiaries, as they will enjoy the greatest added value, gaining access to new value propositions, services and solutions from new entrants, from banks and Fintech start-ups.
In terms of changes, the most important ones are Access-to-Account (XS2A) as well as the introduction and regulation of third-party payment service providers (TPPs).
Let’s say you’re making a new purchase from your favorite website. In the context of PSD2, the merchant will be able to securely access the consumer’s bank account and collect their payment after asking for permission. Basically, the merchant will act as a Payment Initiation Services Providers (PISP) and initiate the payment while the consumer’s bank, also known as Account Servicing Payment Service Provider (ASPSP), will manage the account. Long story short, the payment process will be faster and simpler as card schemes and other intermediaries will be removed.
The merchant and the bank will most likely communicate to each other using an API. In order to make sure all APIs will comply with the regulation (what data is transferred, what are the security protocols, what happens if things do not work as expected, etc.), the European Banking Authority has defined the Regulatory Technical Standards (RTS).
PSD2 also introduces the concept of Account Information Service Providers (AISP). AISPs will allow consumers to consolidate their bank account details from several different banks into an account aggregator. This represents a great window for new providers as they will be able to also gather relevant data about users and turn that into cross-selling opportunities.
Well, it is. PSD2 also means:
Merchants can act as PISPs and eliminate the need for a payment processor as they will be able to take the money directly from their customers’ accounts. This will result in instant payment confirmation, significantly reduced costs and less complex checkouts.
However, nothing ever comes easy. Should merchants want to become PISPs, they will definitely need to comply with the directive’s Regulatory Technical Standards and provide strong customer authentication and secure communications.
At this point, it still remains to be seen if merchants are open to this opportunity or believe that these requirements will only mean more work, higher costs and no added value.
Over the past couple of months there has been a lot of debate on whether PSD2 is indeed an opportunity for banks or a major threat. Regardless of the answer, it was clear from the beginning that if they wanted to remain relevant, something needed to be done. Assuming, of course, that banks really wanted to do more than comply as ASPSPs.
It is clear that PSD2 will be a game-changer in the European financial and payments space and it will allow numerous new players to enter the market. Yet, we’ll need to wait until January 2018 to see whether or not all parties involved had been able to take advantage of the changes and will increase their payment revenues.