From PSD2 to PSD3: a review of the revised payment services directive

From PSD2 to PSD3, with EU public consultations, open finance could be developed even further with advanced fraud solutions being the key to success.

Neil Smith

HDX Global CEO representing Nethone as VP of Payments Strategy & Financial
Vector

16 August 2022

Group

6 min read

It might not seem all that long ago when we were intrepidly awaiting the implementation of the PSD2 revised payment services directive (2015/2366/EU) - something we have covered extensively in our blog posts - from the point of consultations to roll out across the European Union (EU). And now just a short time later, there’s already talk of PSD3. Actually, more than just talk. 02 August 2022 marked the end of the European Commission’s public consultations aimed at individuals and organisations; the point of which was to encourage involvement in a review process of PSD2 and open finance - its benefits, shortcomings and potential amendments - which may pave the way for PSD3. Despite fraud levels across the EU coming down (which was always one of the primary goals), the introduction of PSD2 still brings up apprehension over losing customers through checkout friction during the authentication process. The prospect of PSD3 need not worry businesses dealing with online payments and transactions.

Is PSD3 just around the corner?

The European Commission (EC) launched the EU public consultations on PSD2 on May 10, with targetted consultations on technical matters and open finance coming to an end on July 05, and the main PSD2 consultations closing on August 02. Although consultations were never intended to put forward the final positions of the EC, nor are they obliged to incorporate them into any draft documents, it must be noted that EU Commissioners have already stated that new rules and amendments to PSD2 are likely to happen.

The European Banking Authority (EBA) also issued a formal opinion on 23 June about the rollout of PSD2 and over 200 proposals that “would contribute to the development of the single EU retail payment market” (again, there is no formal obligation to accept these recommendations by the EBA, however, they will likely be considered and incorporated into and draft PSD3 directive). The EBA believes that the intended aims of PSD2 - to improve payment processes and reduce fraud rate - have largely been effective. This is not to say they do not acknowledge there have been problems with PSD2 implementation, which is part of the reason for a review process.

What to expect in PSD3?

Aside from reducing fraud rates through secure payment infrastructure, the aim of PSD2, and indeed PSD3, is to seek to develop cost-effective cross-border instant payments across Europe. This leads to the development of an innovative and competitive European market that can be a world leader.

Continuous innovation is essential, which is why the biggest potential amendments will cover the lack of regulation in PSD2 for emerging technologies and alternative payment methods such as cryptocurrencies and Buy Now, Pay Later (BNPL) schemes.

Other areas of PSD3 that may include amendments to:

  • whether exemptions from PSD2 should be amended, removed entirely, or even new ones added.
  • changes to strong customer authentication (SCA) requirements, which could include extending the SCA period from 90 to 180 days to reduce the current issues with checkout friction for customers.
  • resolving legislative fragmentation across Europe by including more precise specifications of API standards, directory services and payment infrastructure.

Consultations have shown that there is still a perceived hurdle to the efficient use of PSD2 with checkout friction. Although already in place, some of the contributing comments from merchants showed that there were difficulties in being able to take advantage of SCA exemptions through the existing mechanisms such as the Transaction Risk Analysis (TRA). Some of the public consultation feedback provided is worth reading to gauge the issues which still blight merchants despite the overall success of PSD2.

How could open finance develop under PSD3?

The question of open finance was also up for consultation. Some of the questions focused on the use of existing open finance services and how effective they are, like the use of payment initiation services to access payment accounts. Another aspect is to consider the expansion of open finance or other financial services data that respondents would like to be able to access via third-party providers, such as mortgages, savings, pension and insurance services.

As things stand, by law, third-party service providers only have access to certain customer data, but part of this consultation process was to seek feedback about whether to extend access rights to more customer data. According to the EU commission, open finance refers to third-party service providers’ access to (business and consumer) customer data held by financial sector intermediaries and other data holders for the purposes of providing a wide range of financial and information services. Could this consultation lead to the development of open finance under PSD3? This remains to be seen.

What we can say with certainty, for now, is that we are likely to see further details emerging over the possible extension of open finance from payment accounts to a wider range of financial services. This may be big in scope and could result in other EU legislative reforms for payments and finance.

What part does behavioral biometrics have to play in PSD3?

Ever since the introduction of PSD2 there have been concerns from eCommerce merchants that checkout friction is a major stumbling block when taking into consideration authentication processes. Since the inception of PSD2, we at Nethone have been trumpeting the major benefits of advanced fraud solutions that are powered by machine learning models and incorporate behavioural biometrics and digital fingerprinting. Such solutions allow for every single user transaction to be scrutinised in real-time and passively (performed automatically in the background). The benefit? SCA requirements within the current scope of PSD2 are met without the need for invasive authentication processes that can lead to checkout friction and cart abandonment. Happy customers mean happy merchants.

We are so confident that our solution works for every eCommerce merchant that we’ve produced a white paper on the topic of frictionless checkout experiences.

When will PSD3 come into effect?

You can breathe a sigh of relief, we’re still some time away from even seeing a draft version of PSD3. What must be taken into consideration, however, is that due to the implementation pains of PSD2 having largely been overcome, it is likely that PSD3 could be implemented much quicker. The hope is to see a smooth process if indeed amendments are made. But even so, implementation could still take another 3-5 years, which of course we will follow.

---

If you want to steer clear of checkout friction and stay ahead of future regulatory requirements associated with the move from PSD2 to PSD3, we can help. Click 'book a call' at the top of this page total to us, or contact Neil directly via email at neil.smith@nethone.com or via LinkedIn.

Download your FREE frictionless checkout white paper now!

Download your FREE frictionless checkout white paper now!

Discover how to reduce SCA checkout friction in eCommerce while effectively preventing fraud.

Download here