PSD2 Ambitions, What’s Next ?

The Directive That Has Upside Down the Norms

In 2015, the European Commission published a new directive which aims to reinforce the safety in the payment market.

This directive is called Revised Payment Service Directive (PSD2), in reference to the previous directive (PSD1) published in 2009.

Banks, institutions, payment service providers are concerned and it’s still really challenging for these actors.

But let’s dig a bit further to get a full comprehension of the ambitions and consequences.

2015, the 25th of November : the Beginning of a Lengthy Process


To contextualize, the first directive of 2009 settled 3 serious evolutions:

  • the introduction of payment service provider statut and their capability to manage financial transactions.
  • the transparency in terms of fees, delays, change rate, services for banks and payment services providers.
  • the acceleration of SEPA development.

These innovations were a huge cap to cross and it enabled customers to benefit from new payment experiences at a lower price.

However, some lacks were noticed and the European Commission decided to address them through a new directive named after the former one : PSD2.

Announced in 2015 and launched in 2018, PDS2 ambitions to get further in terms of payment market changes thanks to new payment experiences and services.

It’s major innovation was the implementation of two new payment services :

  • AISP status Account Information Service Provider — which enables new actors such as payment service providers to access account information.
  • PISP status Payment Initiation Service Provider — which allows payment service providers to initiate the transaction in the name of the buyer.

Therefore, the revised directive address lacks through reinforcement of payment securisation and open banking.

After 5 years, the process is still going on. In fact, innovation implementation is a long process and expectations are high. Therefore, many actors take time to comply with these new regulations and manage their consequences.

The European Commission plans the directive to be effective in March 2021.

The Consequences of the PSD2

In fact, this new directive trumbles out established institutions which lead to several consequences.

Firstly, the part about the payment securisation insists on the authentication reinforcement for online payment above 30€.

The consequence of the PSD2 authentication requirements is the 3DS2 which refers to 3DSecure protocol, allowing the authentication between the payment service provider and the bank.

PSD2 increases the obligation of authentication for ecommerce, but also introduce some exemptions to allow “frictionless payment” without authentication, for instance accord to the risk evaluation of the transaction.

If the risk is low, the transaction can still be frictionless under specific conditions. However if the risk is high, the SCA Strong Customer Authentication — process is triggered to ensure the safety of the transaction.

The SCA process requirements rely on 3 factors to ensure the identity of the customer and the transaction safety.
  • Inherence aspect or something that only the customer has (voice ton, typing rythme, facial recognition etc.)
  • Knowledge aspect or something only the customer knows (PIN code, password etc.)
  • Possession aspect or something only the customer possesses (the device, the ship etc.)

Two out of three are required to ensure the transaction and validate the SCA-3DS process.

Therefore, on the merchant side, there are new norms to implement in order to comply with the directive. Nonetheless, customers are also impacted on their online journey.

Enter their card digits, go through their personal device to authenticate themselves with the SCA process, go back on the main screen, sometimes type down a new code etc. This seems long, doesn’t it ?

Indeed, payment is mostly a painful time for customers and having a couple more steps to get through can be really irritating for them.

Thus, this directive has a real impact on the payment market as well as its consequences.

How Service Providers Manage this Directive

However service providers can ease the process thanks to several options.

They can make exemptions and decide to hold the risk.

They can help historical actors such as banks to comply with the directive, by deploying teams to implement strong customer authentication processes.

They can also advise them based on the level of authentication required. Or even, help to settle responsive protocol on mobile devices.

Furthermore, payment service providers can accompany merchants through the process and advise them to get a better comprehension of the regulatory context.

Besides, they can advise merchants on the risk management and customer pathway pain points’ to ease the process. This will optimize frictionless journeys through their online platform and reassure their customers.

This is the very core of our activity at Market Pay. We accompany our merchants and provide them advice according to their very need.

In fact, our objective is to help them increase their performances and profitability by easing the payment step. Because, at Market Pay we are born in retail, to drive payment indeed.

“Born in Retail, to Drive Payment”