PSD3: The Next Phase in Europe’s Payment Services Regulation

With the successful rollout of PSD2, the European Union (EU) continues to advance innovation in the payments domain through the anticipated introduction of the Payment Services Directive 3 (PSD3). On June 28, 2023, the European Commission published a draft proposal for PSD3 and the Payment Services Regulation (PSR). The finalized versions of this directive and associated regulation are expected to be available by late 2024, although some predictions suggest a more likely timeline of Q2 or Q3 2025. Given that member states are typically granted an 18-month transition period, PSD3 is expected to come into effect sometime in 2026. Notably, the Commission has introduced a regulation (PSR) alongside the PSD3 directive, ensuring more harmonization across member states as regulations are immediately effective and do not require national implementation, unlike directives.

PSD3 shares the same objectives as PSD2, i.e. increasing competition in the payments landscape and enhancing consumer protection. However, PSD3 aims to deepen these efforts with a focus on enhancing security, fraud prevention and inclusivity, broadening open banking, further leveling the playing field for competition and innovation, and enhancing consumer rights:

Enhanced Security, Fraud Prevention, and Inclusivity: PSD3 focuses on strengthening the security of electronic payments. As technology advances, so do fraud tactics, such as "spoofing". To combat these, PSD3 is expected to implement several improvements:
More rigorous Strong Customer Authentication (SCA) requirements, including clearer criteria for SCA exemptions and mandatory SCA for mobile wallet enrolment.
Integration of biometrics and potentially machine learningalgorithms to enhance security without compromising user convenience. This includes strengthened transaction monitoring measures, utilizing extensive data about the payments to assess risks, such as user location, transaction times, devices used, spending habits, and device IP addresses.
Accessibility-focused SCA methods, ensuring that complex multi-factor authentications provide alternatives to ensure maximum inclusivity for elderly users or people with disabilities. The Commission proposes to drop the PSD2 requirement that MFA factors must belong to two different categories (knowledge, possession, and inherence), which may, however, lead to a serious reduction in security.
Verification Of Payee (VOP): Mandatory payee validation checks for all credit transfers, aligning with the "Instant Payment Directive", which also mandates this for all instant payments.
A legal framework to facilitate the sharing of fraud-related information between banks.
Broadening of Open Banking: Building on the open banking concept introduced by PSD2, PSD3 is set to expand this framework, enhancing user-friendliness. Despite expectations, unfortunately PSD3 does not propose standardization of all data streams. However, it does introduce several elements to make open banking more appealing:
- A (permission) dashboard for customers to monitor and manage all consents given to third parties, with the ability to withdraw data access at any time.
- An obligation for banks to provide an alternative interface in case of outages.
- Mandatory quarterly publication of statistics on API interface availability and performance.
- A list of prohibited obstacles to data access, such as restricting payments initiation via a Payment Initiation Service Provider (PISP) to payees on the payer’s approved list.
- The European Commission published at the same moment as the PSD3 and PSR proposals, also a proposal for FIDA (Financial Data Access) or FiDAR (Financial Data Access Regulation). This extra regulation offers a legal framework for sharing customer data between different entities active in the financial services sector. The FiDAR regulation reuses the concept of consent management of PSD2, but can also be used to share other types of financial data, like credit, securities or insurance data.
Fair Competition and Market Integration: PSD3 seeks to ensure that non-bank financial entities have equal access to banking infrastructure, potentially reshaping the competitive landscape and fostering innovative financial services:
- Inclusion of new types of financial services and technologies not previously covered, such as cryptocurrencies, digital wallets, and peer-to-peer payment platforms.
- Prohibition for banks to refuse a bank account to non-bank PSPs without substantive reasons, such as suspicion of illegal activities.
- More stringent restrictions on the use of the eMoney exemptions, such as the use of the commercial agent exemption by platforms and marketplaces.
Enhancing Consumer Rights: PSD3 aims to increase transparency and protection in currency conversion charges and payment transactions:
- Greater transparency on currency conversion and ATM charges.
- Clear identification of payees on account statements.
- Limitations on the duration and amount of pre-authorizations(held funds).
- A framework for cash withdrawal services, such as allowing retailers to offer cash withdrawals or exempting certain ATM operators from licensing.

As the details of PSD3 are still under development, much discussion about its content remains speculative. Nevertheless, the directive is expected to significantly evolve the EU’s payments landscape, with an emphasis on security, consumer protection, and market integration. It is advisable for banks and PSPs to begin preparing in the outlined domains to ensure readiness once the regulation takes effect.

Comments

Transforming the insurance sector to an Open API Ecosystem

1. Introduction "Open" has recently become a new buzzword in the financial services industry, i.e. open data, open APIs, Open Banking, Open Insurance …, but what does this new buzzword really mean? "Open" refers to the capability of companies to expose their services to the outside world, so that external partners or even competitors can use these services to bring added value to their customers. This trend is made possible by the technological evolution of open APIs (Application Programming Interfaces), which are the digital ports making this communication possible. Together companies, interconnected through open APIs, form a true API ecosystem , offering best-of-breed customer experience, by combining the digital services offered by multiple companies. In the technology sector this evolution has been ongoing for multiple years (think about the travelling sector, allowing you to book any hotel online). An excellent example of this

Are product silos in a bank inevitable?

Silo thinking is often frowned upon in the industry. It is often a synonym for bureaucratic processes and politics and in almost every article describing the threats of new innovative Fintech players on the banking industry, the strong bank product silos are put forward as one of the main blockages why incumbent banks are not able to (quickly) react to the changing customer expectations. Customers want solutions to their problems and do not want to be bothered about the internal organisation of their bank. Most banks are however organized by product domain (daily banking, investments and lending) and by customer segmentation (retail banking, private banking, SMEs and corporates). This division is reflected both at business and IT side and almost automatically leads to the creation of silos. It is however difficult to reorganize a bank without creating new silos or introducing other types of issues and inefficiencies. An organization is never ideal and needs to take a number of cons

RPA - The miracle solution for incumbent banks to bridge the automation gap with neo-banks?

Hypes and marketing buzz words are strongly present in the IT landscape. Often these are existing concepts, which have evolved technologically and are then renamed to a new term, as if it were a brand new technology or concept. If you want to understand and assess these new trends, it is important to reduce the concepts to their essence and compare them with existing technologies , e.g. Integration (middleware) software ensures that 2 separate applications or components can be integrated in an easy way. Of course, there is a huge evolution in the protocols, volumes of exchanged data, scalability, performance…, but in essence the problem remains the same. Nonetheless, there have been multiple terms for integration software such as ETL, ESB, EAI, SOA, Service Mesh… Data storage software ensures that data is stored in such a way that data is not lost and that there is some kind guaranteed consistency, maximum availability and scalability, easy retrieval and searching

IoT - Revolution or Evolution in the Financial Services Industry

1. The IoT hype We have all heard about the "Internet of Things" (IoT) as this revolutionary new technology, which will radically change our lives. But is it really such a revolution and will it really have an impact on the Financial Services Industry? To refresh our memory, the Internet of Things (IoT) refers to any object , which is able to collect data and communicate and share this information (like condition, geolocation…) over the internet . This communication will often occur between 2 objects (i.e. not involving any human), which is often referred to as Machine-to-Machine (M2M) communication. Well known examples are home thermostats, home security systems, fitness and health monitors, wearables… This all seems futuristic, but smartphones, tablets and smartwatches can also be considered as IoT devices. More importantly, beside these futuristic visions of IoT, the smartphone will most likely continue to be the center of the connected devi

Neobanks should find their niche to improve their profitability

The last 5 years dozens of so-called neo- or challenger banks (according to Exton Consulting 256 neobanks are in circulation today) have disrupted the banking landscape, by offering a fully digitized (cfr. "tech companies with a banking license"), very customer-centric, simple and fluent (e.g. possibility to become client and open an account in a few clicks) and low-cost product and service offering. While several of them are already valued at billions of euros (like Revolut, Monzo, Chime, N26, NuBank…), very few of them are expected to be profitable in the coming years and even less are already profitable today (Accenture research shows that the average UK neobank loses $11 per user yearly). These challenger banks are typically confronted with increasing costs, while the margins generated per customer remain low (e.g. due to the offering of free products and services or above market-level saving account interest rates). While it’s obvious that disrupting the financial ma

Beyond Imagination: The Rise and Evolution of Generative AI Tools

Generative AI has revolutionized the way we create and interact with digital content. Since the launch of Dall-E in July 2022 and ChatGPT in November 2022, the field has seen unprecedented growth. This technology, initially popularized by OpenAI’s ChatGPT, has now been embraced by major tech players like Microsoft and Google, as well as a plethora of innovative startups. These advancements offer solutions for generating a diverse range of outputs including text, images, video, audio, and other media from simple prompts. The consumer now has a vast array of options based on their specific output needs and use cases . From generic, large-scale, multi-modal models like OpenAI’s ChatGPT and Google’s Bard to specialized solutions tailored for specific use cases and sectors like finance and legal advice, the choices are vast and varied. For instance, in the financial sector, tools like BloombergGPT ( https://www.bloomberg.com/ ), FinGPT ( https://fin-gpt.org/ ), StockGPT ( https://www.as

PFM, BFM, Financial Butler, Financial Cockpit, Account Aggregator… - Will the cumbersome administrative tasks on your financials finally be taken over by your financial institution?

1. Introduction Personal Financial Management (PFM) refers to the software that helps users manage their money (budget, save and spend money). Therefore, it is often also called Digital Money Management . In other words, PFM tools help customers make sense of their money , i.e. they help customers follow, classify, remain informed and manage their Personal Finances. Personal Finance used to be (or still is) a time-consuming effort , where people would manually input all their income and expenses in a self-developed spreadsheet, which would gradually be extended with additional calculations. Already for more than 20 years, several software vendors aim to give a solution to this , by providing applications, websites and/or apps. These tools were never massively adopted, since they still required a lot of manual interventions (manual input of income and expense transaction, manual mapping transactions to categories…) and lacked an integration in the day-to-da

Can Augmented Reality make daily banking a more pleasant experience?

With the increased competition in the financial services landscape (between banks/insurers, but also of new entrants like FinTechs and Telcos), customers are demanding and expecting a more innovative and fluent digital user experience. Unfortunately, most banks and insurers, with their product-oriented online and mobile platforms, are not known for their pleasant and fluent user experience. The trend towards customer oriented services , like personal financial management (with functions like budget management, expense categorization, saving goals…) and robo-advise, is already a big step in the right direction, but even then, managing financials is still considered to be a boring intangible and complex task for most people. Virtual (VR) and augmented reality (AR) could bring a solution. These technologies provide a user experience which is more intuitive, personalised and pleasant , as they introduce an element of gamification to the experience. Both VR and AR

Deals as a competitive differentiator in the financial sector

In my blog " Customer acquisition cost: probably the most valuable metric for Fintechs " ( https://bankloch.blogspot.com/2020/06/customer-acquisition-cost-probably-most.html ) I described how a customer acquisition strategy can make or break a Fintech. In the traditional Retail sector, focused on selling different types of products for personal usage to end-customers, customer acquisition is just as important. No wonder that the advertisement sector is a multi-billion dollar industry. However in recent years due to the digitalization and consequently the rise of Digital Marketing , customer acquisition has become much more focused on delivering the right message via the right channel to the right person on the right time . Big tech players like Google and Facebook are specialized in this kind of targeted marketing, which is a key factor for their success and multi-billion valuations. Their exponential growth in marketing revenues seems however coming to a halt, as digi

Low- and No-code platforms - Will IT developers soon be out of a job?

“ The future of coding is no coding at all ” - Chris Wanstrath (CEO at GitHub). Mid May I posted a blog on RPA (Robotic Process Automation - https://bankloch.blogspot.com/2020/05/rpa-miracle-solution-for-incumbent.html ) on how this technology, promises the world to companies. A very similar story is found with low- and no-code platforms, which also promise that business people, with limited to no knowledge of IT, can create complex business applications. These platforms originate , just as RPA tools, from the growing demand for IT developments , while IT cannot keep up with the available capacity. As a result, an enormous gap between IT teams and business demands is created, which is often filled by shadow-IT departments, which extend the IT workforce and create business tools in Excel, Access, WordPress… Unfortunately these tools built in shadow-IT departments arrive very soon at their limits, as they don’t support the required non-functional requirements (like high availabili

Bankloch

Search This Blog