In June 2023, the European Commission proposed several changes to payment services, among them the third directive on payment services (PSD3) and a dedicated regulation on payment services, known as the PSR (Payment Services Regulation), or RSP in French.
What is the purpose of the PSR? The goal of the PSR is to clarify the operational aspects of PSD3 by detailing the features needed to ensure compliance with the directive.
Among these new features, there are many changes expected regarding strong customer authentication and, more broadly, payment security.
Are you wondering how these changes will impact you as a merchant?
That’s the purpose of today’s article!
But before we dive into the new payment services regulation, it’s important to understand why these changes are necessary, what they entail, and their timeline.
So let’s start with a short introduction to explain the differences between the directive and the regulations on payment services.
PSD3 vs. PSR: What’s the difference?
As mentioned in the introduction, the European Commission has introduced two major elements:
- The payment services directive: PSD3 follows PSD2, which came into effect in 2018 and helped advance open banking. The new directive will allow each country to adapt the European Commission’s measures into national law.
- The payment services regulation: This is a set of rules that must be followed across all EU member states, without the need to implement them into national laws.
You’ve probably understood by now that the regulatory framework of the PSR offers less flexibility to the EU member states.
But then, why was it implemented?
The new payment services regulation: What are the issues?
One of the main concerns in payment services is fraud prevention.
Despite digital advancements, fraud remains a persistent issue, leading to financial losses for all stakeholders in the payment value chain, including merchants and consumers.
One of the regulation’s objectives is to strengthen user protection against fraud and boost consumer trust.
The second major issue is the competitiveness of different payment service providers.
Banks have historically played a dominant role in payments, but with the introduction of PSD2, new players have emerged.
The challenge will be to continue the work already undertaken to encourage competition and foster innovation, which will give you more options for your payment providers. Good news, right? 😊
The new payment services regulation: What’s new?
- Enhanced security for payment operations (e.g., transfers): We have written an entire article on the subject, which we invite you to read here. Financial institutions will be required to verify the consistency between the beneficiary’s account number (IBAN) and their name or business name. After verification, the information will be returned to the transfer initiator, allowing them to choose whether to proceed with the transaction.
- Increased fraud prevention: To reduce fraud rates, the PSR aims to enable traditional banks and new players to share key data, fostering better analysis and response to fraud.
- Changes to strong customer authentication (SCA): For services allowing access to bank accounts (AIS services), only one authentication will be required every six months, compared to every three months currently. For third-party payment initiation, strong authentication will still be needed for all transfers, regardless of the amount, for both standard (SCT) and instant (IP) transfers.
Psss… We invite you to check out our article on AISP and PISP if you want to learn more about the topic, as these are indeed services we offer at SlimPay 😊
- Strengthening data sharing: Under PSD2, traditional banks had to implement APIs (Application Programming Interfaces) to share data with other players. While banks currently have flexibility in what data they share, the new regulation will tighten API standards to harmonize data sharing and make the system more reliable.
And in terms of implementation?
Payment service providers are already preparing for these new developments from the European Commission to ensure compliance in due time.
Specifically, this involves:
- Identifying the regulatory impacts on the company’s payment flows and customer journeys to determine the necessary changes in payment processes
- Integrating these impacts into the company’s strategic planning (to be transparent, we are right in the middle of this at SlimPay, a Trustly Company)
- Final implementation and making these changes available to customers
Our group, Trustly, is one of the founding members of the ETPPA (European Third Party Provider Association), along with Bankin, Sofort (now Klarna), Ppro, and Eurobits.
Founded in 2019, the ETPPA played a significant role in drafting PSD2 and is already working on PSD3. To demonstrate our commitment, we can say that Trustly has several employees who hold positions within the ETPPA.
From a legal standpoint, the PSR will be applicable 18 months after its approval and publication in the Official Journal of the European Union, which is expected this year.
Banks and new players will therefore have nearly two more years, depending on the publication date in 2024, to offer these new features.
To be continued, then 😊