The first stage of the European Payment Services Directive (PSD) was already transposed into national law in Germany in January 2018. Among other things, the strict liability limit for fraudulent card transactions was lowered and surcharging was prohibited. The general objective of the Directive is to enhance security and consumer protection in payments and to promote competition and innovation in the market.
PSD2 came into force on September 14th 2019. The second level regulates and permits access by ‘third parties’ to account information and makes strong customer authentication mandatory for payments. As a rule, the payer now requires two different characteristics from the areas of knowledge (e.g. PIN or password), possession (e.g. card or cell phone) and inherence (e.g. a fingerprint).
Skepticism and delay in online shopping
Online retailers feared massive incompletion rates of online orders due to the expanded security mechanisms. However, studies have revealed that most Germans had not heard of PSD2, because priority was not given early enough. It became obvious that retailers needed more time to adapt systems and processes to the new legal requirements. BaFin therefore granted a postponement until December 31, 2020.
Curse and blessings for the banking sector
The banks have already implemented strong customer authentication in online banking. In addition to the user ID and PIN, a dynamically generated TAN is now required for each transaction. Hence, paper TAN lists are a thing of the past.
In addition to more protection for their customers, the PSD2 also means more competition for banks: Previously, they had sovereignty over account information. Now, with the customer’s consent, they are obliged to allow third parties to access data and accounts. So, transfers for an online purchase can in future be made directly via a payment initiation service offered on the merchant’s website – without the customer having to log into their bank’s online banking. PSD2 obliges banks to set up interfaces (so-called APIs) for third-party providers. These in turn must be BaFin certified.
For FinTechs in the payment sector, system access offers the opportunity to establish itself on the market – with known or new services, which they can often offer at a lower price than conventional credit institutions.
But the active use of interfaces to third-party providers also provides potential for banks. They usually have a head start in experience in the intelligent use of data and in the design of products that consistently put customer benefit first. Cooperation or imitation offers the banking sector opportunities for innovation and new business models. That is important to adapt to changing customer requirements and to hold ground against heavyweight competitors – such as Google or Apple – who are entering the market.
Banking and Payments in Transition
PSD2 may have caused resentment among retailers and banks due to the implementation effort, as well as among many customers due to the more complex handling of online banking and payment processes. However, in addition to increased consumer protection and payment security, the Directive creates the framework for a long-term transformation of banking and payment transactions from which all parties involved can benefit. The secure exchange of data between banks and authorized third-party providers will lead to innovative products and services along the value chain – so-called “open banking”. In addition to regulations such as PSD2, other factors such as advancing digitalization, changed customer behavior and new market participants from the technology and neo-banking sectors contribute to the changes.