PSD2morrow: Ready, set, go!

Yesterday, the European Commission announced it would assess the impact of PSD2 and issued a call for evidence into the mandatory review of the directive. Plaid and our colleagues in the industry have been eagerly awaiting the consultation for months as open banking legislation is ready for its next iteration!

Over the past 5 years, PSD2 has brought tremendous benefits to consumers and driven innovation in the financial services sector. It has truly put open banking on the map. As with all European legislation, it is subject to a mandatory review, which includes a consultation for the public and industry stakeholders. This is an important time to take stock of what can further be done to harness benefits and to iron out challenges in the market - and Plaid welcomes the opportunity to participate, provide data and share experiences in bringing AIS and PIS solutions to the market. We’ll be tracking this closely through the consultation deadline, July 5th, 2022 – and beyond!

Appropriately, for this month’s PSD2morrow blog series, we are featuring an analysis of the PSD2 review announcement itself! Because of this (welcome) timely announcement, we’ve split this month’s blog into two parts. Part one is an overview of the consultation and some key focus areas, and part two will see us answering our original questions for this month on the impact of PSD2.:

Part 1, The Commission Review Key Areas of Focus

New market players (e.g. financial technology companies or FinTechs): Offering new services that did not exist or were just emerging when PSD2 was adopted. For instance, some companies are increasingly offering payment services to complement other services or are offering non-payment services to facilitate a payment service. Others have introduced payment solutions using new technologies (e.g. digital or pass-through wallets, contactless payments). People’s payment habits and expectations have evolved too. The Commission will evaluate, among other things, whether the scope, exclusions and definitions of the Directive are still appropriate to ensure relevant market players are regulated, a level playing field exists, and risks are sufficiently mitigated. Aspects related to the level playing field will be considered according to the basic ‘same business, same risks’ approach, in particular for supervising payment services providers.

Strong Customer Authentication: PSD2 improved payment security by requiring payment services providers to apply strong customer authentication. New forms of payment fraud have however emerged, in particular in online transactions. As part of fraud prevention mechanisms, strong customer authentication rules and their impact on fraud rates will be assessed. Transparency requirements and rules on single payment transactions and framework contracts will be reviewed in light of market developments (e.g. the rules related to rights and obligations, such as the right of refunds). The Commission will assess whether amending the legislative framework is necessary to ensure new payment solutions are sufficiently secure, convenient and cost efficient. 

Access to Payment Account Data: PSD2 facilitated the offering of payment services based on access to payment account data. However, there are various challenges related to accessing payment accounts, and the review will assess how these challenges have been addressed. The review will also consider access to payment infrastructures and systems. It will also examine sanctioning powers as part of enforcing PSD2.

Cross Border Payments: Taking into account the need to make international payments cost-efficient and transparent, the review will also assess international payment rules between the EU and other countries, as set out in the Directive’s review clause.

Part 2, Plaid’s analysis: A review of the impact of PSD2

What has been the impact of PSD2 on the providers offering payment services (domestic, cross-border and internationally)?

PSD2 opened up an entirely new payment modality for the market and has markedly improved the competition landscape for payment services in the EU. The two new services - Payment Initiation services alongside Account Information Services enabled a new wave of easy, safe, and affordable financial transactions that rely on existing cross-border infrastructure such as SEPA (instant and classic) payment rails. This led to an increase of TPP offerings in the market - leading to better services, more competition and a broadened set of choices for consumers. Despite that - we still see that open banking enabled offerings are just coming out of their most nascent stage, and that with continued investment and infrastructural development (like instant payments through the SEPA SCT Inst scheme) the market share for open banking payments and services will continue to grow. 

There were  also efforts to strengthen the position of the consumer - PSD2 further enshrined the Payment Service User (consumer) as the center for the financial process - by enhancing safety protocols across areas such as Strong Customer Authentication and timed re-consent.

Despite PSD2 being a welcome amendment in the payment services regulatory toolbox - it also highlighted a fragmented European payments landscape, with difficult interactions with ASPSPs (banks) whose practices traditionally resulted in obstacles to accessing data, as well as national practices that discriminated against non-local IBAN transactions, both of which contravene PSD2.  Further, from an international perspective - it is clear that the PSD2 regime is being emulated in other jurisdictions and kickstarting open banking reform (Canada, Dodd Frank review in the USA) but that as a result of the limitations experienced in the market due to PSD2 - we see other markets leapfrogging ahead.

What has been the impact of PSD2 on the users of payment services (transparency, liability, fraud prevention, etc.)?

Transparency: The transparency requirements in PSD2 are designed to enhance a consumer’s understanding of the financial product and liability model of the service that they are entering into. The requirement for explicit consent and information requirements further strengthens the consumers primacy in the transaction sequence.

Liability: PSD2 protects consumers by attributing liability to, for instance, PIS providers in the event of something going wrong. Although we understand that the user must be exempt from liability arising from faulty payment apparatus, this liability should be further honed to also include errors made by ASPSPs in receiving API information.

Fraud Prevention: Strong customer authentication (SCA) provides a high degree of protection against fraud in the practical application of PSD2 services. AML and transaction monitoring requirements enshrined in PSD2 provide a high level of further protection complimentary to the checks carried out by ASPSP (such as  the transaction monitoring requirements incumbent on AISPs). However, although Plaid complies with all regulations incumbent on it,  we are also of the opinion that the current level of burden on TPPs that provide PIS/AIS is too high for parties that do not enter into the flow of funds. SCA itself is a good thing for the open banking ecosystem - it is baked into open banking transactions and generally provides a much smoother experience than card payments that are subject to SCA through third party screens and methods. Considering the safe nature of open banking payments and the very low incidence of fraud compared to other payment methods, Plaid would like to see PIS payments be further strengthened by embedded app-to-app SCA solutions, not SCA obstacles applied superfluously by ASPSPs. Finally - 180 day reconsent should also be managed at TPP level moving forward - so that every party in the ecosystem knows where they stand and how they contribute to a safe, reduced fraud and effective payment value chain.

Mobile-First Commerce: Commerce is increasingly being driven to mobile devices, in part in response to the COVID-19 Pandemic as well as ongoing trends, payment and app based solutions enabled by PSD2 offer a more consumer centric and secure user experience for users. 

That’s all for now - stay tuned for our next blog that will tackle the question “To what extent is the supervisory framework still fit for purpose?” and “What lessons can be learned from the implementation of access to payment accounts in view of open banking?”

Do you want to know more, or are you interested in the solutions Plaid can offer you & your business? Get in touch with us here.