The history of banking remembers the transition from live queues in banks to modern ATMs, a technology that many were cautious of at first but that was universally accepted not long after. Now we are seeing a new banking innovation take place: open banking. The cornerstone of its legal framework in Europe is PSD2, the European Union's second Payment Services Directive.
Passed into law in January 2018 and enforced in EEA member states in the wake of 2021, PSD2 is now in effect, changing the ways customers interact with and access their banks' services across Europe. PSD2 is a descendant of the Payment Services Directive (PSD) passed in 2007, and it brought many changes to the banking sector.
PSD2 widens the geographical reach of PSD
The original PSD applied only to transactions where both the recipient's and the sender's payment service providers (PSPs) were located within the EU borders and the currency used was that of one of its member states. Under PSD2, the geographical scope of these transactions has been considerably widened. Only one PSP must be located within the EU for PSD2 to apply, regardless of currency. The inclusion of these so-called "one leg out" transactions means that non-EU PSPs will have to follow PSD2 when interacting with EU countries.
Dismantling of banks’ monopoly on data and services
One of the main aims of PSD2 is to open up the payment market to new third party financial service providers within the EU, increase competition, and limit the monopoly banks have over their customers' data. The latter is achieved by forcing banks to have an open Application Programming Interface (API).
The open API lets businesses retrieve customers' account information with their consent. This ends the monopoly banks had over the data and allows other companies to compete, creating cheaper and better options for various services.
With third party financial service providers entering the payment market, PSD2 defines two new regulated statuses: Account Information Service Provider (AISP) and Payment Initiation Service Provider (PISP). Both kinds of providers can interact with the customer’s bank’s API. While AISPs can retrieve customer account data for a service they are offering, PISPs can interact with the account itself and initiate transactions as a service.
Card surcharges ban
PSD2 aims to standardize and unify laws regarding surcharges across the EU. The original PSD left each country to decide on its own surcharge laws. With PSD2, the additional fee applied to transactions made with credit or debit cards was banned. According to economists' estimates, this potentially saves EU consumers over half a billion euros per year.
Improved security and authentication
The opening up of personal financial data creates enormous privacy and security risks for consumers. Therefore, new security requirements were introduced, particularly Strong Customer Authentication (SCA). It applies to electronic payments over 30 euros and to account access.
SCA requires transactions and logins to be authenticated by at least 2 out of 3 available methods. Customers can do that by using something only they know, like a password, something only they possess, like a phone, or something they are, like a fingerprint or other biometric.