In addition to a wider scope than the first, the PSD2 also implements new services such as payment initiation and accounts information that have an impact on the CBS or the information system of banks and financial institutions.
1. Reminder: challenges of the payment services directive 2007/64/CE
The PSD1 objective was to set up a European market for services payment making the cross-border payments as easy, effective and certain as the payments made in a Member State.
By doing so, it constituted a legal framework capable of governing the payment instruments that enter in the SEPA perimeter (SCT, SDD and card) and particularly enabled the emergence of the European transfer and debit, instead of using national instruments.
Seeking to foster the competition between the participants, it outlined an open range of transactions “payment services”, above the credit establishments, to new contractors “payment establishments” and defined the rights and obligations linked to the “payment services” use and provision.
The application field was still limited to:
- Payment transactions in €, or in the currency of one of the 27 State members in the European Union and the 3 countries of the EEA (European Economic Area),
- Payments made by 2 payment service providers located in the EEA.
2. Context Evolution since 2009
In 2011, the European Banking Authority (EBA) creation confers on it the responsibilities and the tasks assigned to the European Banking Supervision Committee, to which the missions of customer protection, financial innovation and payments steering have been added.
The EBA has a wide range of legal instruments including the drafting of European directives, the production of technical standards , the trends… in order to reach their objectives and particularly to enhance the European convergence in terms of payment.
In the same time, the payment scenery evolves rapidly due to:
- The arrival of new actors and particularly the major internet actors,
The emergence of value added services, of which the new payment initiation modes,
- Strengthening the fight against fraud and taking into consideration the acquirement of each work done on a national and European level (Observatory for Payment Card Security).
3. PSD2 key points
A wider and positive application field:
- The provisions mentioned in titles 3 and 4 of the text apply to the transactions in all currencies when the PSPs involved in the payment transaction are located in the EU (“two-legs transactions”).
- The provisions mentioned in titles 3 and 4 of the text also apply to transactions in all currencies when one of the PSPs involved in the transaction is located in the EU and for the transaction part taking place in the EU (“one-leg transactions”).
The implementation of new services in terms of “payment initiation” and “accounts information”:
- Any client having an internet accessible payment account can use the payment services proposed by these new and licenced third party payment actors (AISP and PISP) by the competent authorities and registered in a public registry elaborated by the Member States.
- The “PSP (Payment Service Provider) account manager” cannot refuse to give access to a third-party payment unless for security reasons objectively justified and attested, as well as reported to the supervisory authorities.
- The range of payment services providers must adopt technologies that provide a strong authentication (one time) of the user. They must ensure that the personal data is transmitted in a secure way and only shared as per the user’s consent.
- In case of non-completion or bad completion of a payment order made via a third party payment, the client can refer to his “PSP account manager” in order to obtain the payment transaction amount, then the PSP account manager and the third-party payment must compensate him, as per their responsibility, in case of a performance incident.
- Payment transactions whose amount is not previously known: amount limitation can be blocked and obligation to unblock upon payment order receipt.
- Applicable fees: Banning the practice of “surcharging” for the card payments, as well as the transfers and SEPA deductions.
- The exempted amount supported by the client upon a non-authorised payment that follows the use of a lost or stolen payment instrument, is reduced to 50 € (instead of 150 € in the text currently in force).
- The information obligations have spread to all payment transactions to or from countries outside the European Union, including the currencies of these countries, in terms of the payment transaction part carried out in the European Union.
- Information to provide before performing individual payment transactions.
4. What are the PSD2 impacts on CBS?
The attached analysis grid shows the impact of new elements of the PSD2: psd2_impactsonCBS.
5. Next steps
Technical standards (RTS) are prepared by the EBA in cooperation with the ECB and the central banks. Projects must be submitted to the European Commission no later than 12 months after the adoption of the PSD2. They concern a strengthening of security:
- The enhanced client authentication in various internal workflows, external transmit and acquisition
- An appropriate level of security for all stakeholders.
The operational implementation of the DSP2 does not induce CBS adaptation work such as those provided by the implementation of the DSP1 (conditions and timelines of transactions, customer information obligations, pricing operations …).
But it is equally involving for institutions.
Beyond the issue of shared responsibility between the PSP payer’s account manager and the PSP payment initiator or the PSP account aggregator, the DSP2 text raises the question of the strategic position of banks to respect of their client, in the light of these new “roles”.
In this context, the expected publication of the EBA specifying “open API” governing the interfaces between the actors could be the trigger for a new generation of PSP emanating from the banks themselves.