A first look at the European Commission’s newest proposal, which has consumer rights and secure digital payments at its core.
Since its creation, PSD2 has been widely successful in revamping the EU payments market. At the same time, it has also maintained a focus on consumer protection and user experience.
However, PSD2 has also had its fair share of shortcomings — across various EU Member States, PSD2 requirements haven't always been implemented in the same way, and its alignment with other EU legislation (such as GDPR or eIDAS) has sometimes been unclear.
With this in mind, the European Commission saw fit to introduce a new version of PSD2 legislation that can effectively take on the current (and future) challenges within the digital payments landscape.
In June 2023, the Commission rolled out its newest drafted proposal to further modernize payment services and bolster the security of consumer data in electronic payments. The Commission’s proposal comprises two main elements: It amends the revised Payment Services Directive (PSD2), which will now become known as PSD3. It also establishes the drafted Payment Services Regulation (PSR).
Introducing PSD3
The European Commission’s plans for PSD3 have been driven by some of the most significant societal trends and challenges that have taken place during the past few years. In a recent press release, the Commission writes:
Electronic payments in the EU have been constantly growing, reaching €240 trillion in value in 2021 (compared with €184.2 trillion in 2017). This trend was accelerated by the COVID-19 pandemic. New providers, enabled by digital technologies, have entered the market, in particular providing ‘open banking' services – i.e., securely sharing financial data between banks and financial technology firms (‘fintechs'). More sophisticated types of fraud have also emerged, putting consumers at risk and affecting trust.
In response to these issues, the PSD3 proposal lays the groundwork to ensure that the EU's financial sector can properly adapt to the industry’s ongoing digital transformation — as well as the risks and opportunities that come along with it.
What Are the Proposed Changes to PSD2?
PSD3 has been designed to rectify some of the aforementioned shortcomings of PSD2. The proposed directive can be broken down into five core areas that relate to user rights, fraud protection, open banking, access to payment systems, and enforcement by EU Member States.
Here’s how PSD3 will carry out its main objectives:
1. Enhancing consumer rights and access to information
PSD3 looks to build upon the focus on consumer rights that are present in PSD2 — more specifically, it looks to increase transparency on information that’s provided to consumers.
With this objective in place, payment service providers (PSPs) will be obliged to provide consumers with information regarding their account statements and more transparent information related to potential ATM charges.
2. Strengthening measures to combat payment fraud
A key part of the PSD3 is the proposal’s plan to build upon PSD2’s Strong Customer Authentication (SCA) requirements on all electronic payments, which includes transactions made using both EU and non-EU currencies. Furthermore, PSD3 takes into account the latest revisions to SCA requirements that came into effect in July 2023. Additional proposed prevention measures include:
- Requiring PSPs to verify the consistency between the name and unique identifier of a payee before the initiation of credit transfers
- Giving PSPs a legal basis to share fraud-related information between themselves
- Increasing transaction monitoring
- Expanding consumer refund rights
- Introducing an obligation for PSPs to educate their staff and customers on the risks and consequences of payment fraud
3. Improving the function of open banking services
PSD3 looks to boost the competitiveness of open banking services by making them more accessible to consumers. More specifically, the proposed changes look to improve the performance of data interfaces, remove obstacles to open banking services, and provide increased consumer control over data access permissions.
4. Granting non-bank PSPs access to EU payment systems
This condition more strictly obliges banks to provide bank account services to non-bank PSPs (for example, Stripe, PayPal, or Amazon Pay). With appropriate safeguards in place, this component of PSD3 gives these non-bank PSPs the right to have a bank account.
5. Giving EU Member States more power to enforce regulation
PSD3 facilitates the systematic implementation of its requirements in EU Member States. It will streamline the enforcement of the legislation across the EU — especially portions that have previously been somewhat incoherent between different countries. The creation of the Payment Services Regulation (PSR) is directly connected to this objective, which we’ll get into next.
Payment Services Regulation (PSR)
Alongside PSD3, the Payment Services Regulation (PSR) is the second legislative act included in the European Commission’s drafted proposal. The PSR regulation lays out rules for PSPs with the goal of implementing streamlined provisions for payment services across the EU.
Similarly to PSD3, the PSR sets out to protect user rights and aims to provide greater choice of payment service providers on the market. In terms of its enforcement, the PSR regulation will apply directly and consistently across all EU Member States.
Overall, the topics included in the PSR relate to SCA requirements, SCA exemptions, transaction monitoring requirements, transaction risk analysis, and security measures to safeguard the confidentiality of user credentials.
When Will PSD3 Come Into Effect?
PSD3 is still in its early days. However, if we look back at the timeline of PSD2’s introduction, adoption, and implementation, we can also make some predictions about the next steps for PSD3. If developments for the new directive play out similarly to those of PSD2, it could be reasonable to assume that the new directive could be adopted during the next few years.
The proposed initiatives included in both PSD3 and the PSR have been designed not only to foster and improve user trust, but also to encourage more consumers to embrace digital payments. For these reasons, it's crucial for businesses and consumers alike to keep abreast of developments related to these initiatives and prepare themselves accordingly.