Banks must comply with PSD2 guidelines. This means banks must make information available to clients and give third parties access to payment accounts.
That requires an intensive and radical process of change in which all banks must facilitate a link for payment initiation, access to account information, and balance checks.
Enigma Consulting would be delighted to discuss the impact of the 7 main PSD2 changes on your organisation:
Expansion of scope
PSD2 has a greater geographical reach than its predecessor PSD1: as it happens, so-called ‘one-leg’ transactions now also fall within the scope of the payment guideline. Transactions in all currencies, not just Euros and other EU/EEA currencies, now fall within the scope of PSD.
Restrictions on exemptions
PSD1 permitted a relatively high volume of exemptions to licencing obligations for payment institutions. In many cases, these exemptions have been tightened up for PSD2.
Restrictions on passing on card payment charges
PSD2 prohibits passing on payment transaction charges to consumers via surcharges on the use of a specific method of payment, usually credit cards.
Reduction of consumer liability
PSD2 stipulates that if the third party payment service provider is responsible for incorrect execution of the payment transaction, the PISP must immediately compensate the institution managing the account in full, unless the PISP can show that the AS PSP received the correct payment instructions. The consumer is therefore indemnified against any risk of using the service.
Additional demands on payment institutions
PSD2 places additional demands on licence applications from payment institutions. These additional conditions are primarily geared towards limiting security risks and procedures relating to managing incidents.
Access to payment accounts – by third parties
PSD2 differentiates between the following services:
- Payment initiation services via a third party payment initiation provider
- Account information services via a third party account information service provider
Third parties that wish to offer the abovementioned service must have a payment institution or banking licence and are thus subject to supervision by the central banks. Another important condition is that the payment initiation service provider and the account information service provider never have client funds in their own possession when executing the abovementioned services.
Access to payment accounts – customer authentication
Strong customer authentication (SCA) is always required for access to the payment account and authorisation of a transaction, except in a few cases.