For some experts, it represents a historic milestone in payment transactions, while for others, it raises many unanswered questions, making it difficult to categorize: we're talking about the so-called PSD2 directive.
"I've heard the term PSD2 more and more often recently - it's supposed to be about new regulations for online payments that come into force at the turn of the year. What exactly does this mean and what does it mean for me as a retailer?"
Michael D., Online Retailer from Nürnberg
The PSD2 directive is the revision of the European Union's Payment Services Directive. The directive aims to promote competition and the development of innovative digital payment services while enhancing consumer protection. As of January 13, 2018, the provisions contained therein also apply in Germany. Not all details of the PSD2 directive have been finalized yet, but we explain here what it is fundamentally about and what merchants need to consider.
What the PSD2 directive is all about
In general, the EU directive sets out how payments are processed within the European Economic Area. The revision of existing regulations brings about three central changes:
Opening online accounts to regulated third-party providers
Banks and payment service providers will be required to grant access to online customer accounts for third-party payment service providers (providers of payment initiation and account information services) in the future. This process is often referred to as Open Banking. It is planned that order initiation and provision of account data will take place entirely electronically through secure interfaces. Third-party payment service providers include providers of financial and payment apps that simplify account management for consumers or enable payment transactions via an app. The new regulations thus create secure conditions for such innovative financial services. However, third-party providers will only gain access to the relevant account information if the bank customer expressly consents to it.
Prohibition of extra charges in the form of surcharges
Under the new EU directive, merchants are now prohibited by law from charging a payment method fee for certain payment methods, including credit and debit cards used by consumers from Europe. Previously, in e-commerce, a surcharge, also known as an extra charge, was sometimes applied to certain payment methods. Starting from January 13, 2018, the PSD2 directive regulates the handling of such fees. Online shop operators that impose a fee for certain payment methods must adhere to the new legal provisions.
Two-factor authentication for online transactions
The term "Two-Factor Authentication" (2FA), also known as strong customer authentication, refers to the standardization of security regulations in e-commerce. This means that, in the future, transactions in online commerce will typically require the payer to be authenticated by their bank through a two-factor authentication method that complies with the new legal provisions. These regulations are currently being specified by the European banking supervision and will come into effect within a deadline of 18 months, expected to fall in the course of 2019.
What exactly does this mean? With the implementation of the European PSD2 directive, a payment order can no longer be issued by the payer simply by providing credit card details such as number, expiration date and three-digit Card Validation Code (CVC); instead, the cardholder must be identified by means of further authentication, for example using a 3D Secure Code. These requirements also apply to all other payment methods: the PSD2 directive stipulates that the payer must be identified by strong customer authentication for all electronic payment transactions.