Sep 10, 2023
Over the past two decades, the regulatory landscape surrounding electronic payments has evolved significantly. This shift can be partly attributed to the deregulation of traditional banks, which opened the field to a broader array of players, fostering innovation and competition. As part of the ongoing developments in the financial landscape, the European Commission has introduced the Payment Services Directive 3 (PSD3) and related legislation to enhance electronic payments regulation.
Before we delve deep into the implications, let’s first get a foundational understanding. The Payment Services Directive (PSD) is a European regulation meant to ensure more integrated and efficient payment services across the EU. PSD1 started the journey by establishing a foundation for non-bank entities to operate in the payments sector. It introduced transparency on fees and advanced the Single Euro Payments Area (SEPA) initiative. Additionally, it set expectations for swift customer fund reimbursements following fraud incidents. PSD2 expanded the regulatory framework, introducing roles for non-bank payment initiation and information service providers. Strong Customer Authentication (SCA) was introduced as well. Now, PSD3 is here to further refine and develop the payments landscape.
The recent announcements by the European Commission offer broad principles rather than detailed provisions, as other entities like the EBA need to finalize those aspects. Notably, the new proposals divide the responsibilities of PSD2. Authorizing payment and electronic money institutions falls under PSD3, while rules and controls for Payment Service Providers are addressed separately, under a new Payment Service Regulation (PSR).
Additionally, the Commission’s Financial Data Access (FIDA) and payments package proposal extends open banking regulations beyond PSD2. This shift toward regulation aims to ensure consistent implementation across EU member states.
The UK’s approach to defining PSD2 was proactive and pragmatic, but due to its exit from the EU, its alignment with this new framework is not yet clear.
Consumer Protection: Stronger consumer protection against fraud is proposed, in cases where customers are tricked into unauthorized money transfers due to impersonation of the Payment Service Provider (bank). (PSR Article 59)
Credit Transfers: The requirement for payee name validation during credit transfers is to be expanded, apparently paralleling practices in the UK and requiring a consumer refund if any discrepancy in payee name isn’t highlighted when the transaction was undertaken. (PSR Article 57)
Data Sharing: Specific provisions to share payment fraud data among stakeholders, promoting transparency and risk management practices. This addresses disparities in data protection regulations across European markets. (PSR Article 83)
Payment System Access: Non-bank payment service providers’ access to EU payment systems is extended. The focus may be to extend access rights to specific domestic schemes. (PSR Article 31)
Open Banking and Data Sharing (FIDA): FIDA intends to extend data sharing to a wider range of financial players, fostering innovation and competition. (FIDA proposal 2)
Cash Access at Retailers: Cash withdrawals up to €50 without an associated purchase will be permitted, possibly anticipating fewer ATMs. ATM providers will also need registration with competent authorities. (PSD3 Articles 37 & 38)
Strong customer authentication (SCA): The Commission press conference advised that current SCA regulations are considered successful and will likely remain substantially unchanged. In this light, there is no indication that the current exemptions model will change either. Notably, however, the Commission clarifies that two elements from the same category in the SCA approach are acceptable (something that has previously been widely debated). (PSR Article 85)
The PSD3 Directive, while demanding in its expectations, aims to pave the way for a more secure, transparent, and efficient payment ecosystem in Europe. The consumer-oriented enhancements are intended to improve consumer protection, increase data access/control, and further promote innovation in the payment sector.
The legislative process is in its initial stages, and it is anticipated that the regulation’s complete implementation and enforcement may not occur before 2027. The details will spark discussions and possibly unexpected directions, similar to the experience with PSD2.
In the meantime, both merchants and issuers might face some teething troubles during the initial stages of implementation. So, whether you’re a merchant eyeing European customers or an issuer looking to provide top-notch services, it’s a good idea to engage with your regulators and stay informed as the details become defined.