Some apparently simple questions deserve a clear explanation, especially when our ecosystem relies on this information.
PSD2 is the second Payment Services Directive introduced by the European Union (EU) and implemented on January 13th, 2018. It extends European regulation to new payment service providers, regulates the sharing of banking data and strengthens security requirements for shoppers. As you may understand by now, as an innovative company and a banking aggregator, Spaycial has been on the front line regarding the application of this directive for the past three years. Let's take a deeper look at the main issues involved by PSD2 with Nurgül Sivasli, our General Counsel and DPO.
What are the main contributions of PSD2?
While the first version of this directive, PSD1, allowed for progress such as the acceleration of the development of a single payment area within the EU (SEPA), the introduction of the status of payment service provider (PSP) and better transparency of banks on their services and fees, PSD2 goes further by introducing new rules and new benefits for shoppers: strong authentication and open banking amongst the main ones.
Open banking means new service providers have greater access to customers' payment data, subject to their consent. From now on, traditional banks no longer have the exclusive right to process this data. Open banking is based on standardised and secure open APIs (Application Programming Interfaces) that aim to replace web scraping, the practice of accessing customer information via their login and password.
Nurgül Sivasli confirms that with PSD2, it is now possible to access, always with the customer's consent, banking transaction data. Players like Spaycial, therefore now have the ability to deploy in-store cashback programmes with a perfectly ﬂuid customer experience: it only requires for the customer to pay in-store at a partner retailer with their card to receive the cashback."
Strong authentication is one of the big changes brought by PSD2.
The directive shows that security is a major concern in Europe. Indeed, it is a question of maintaining everyone's confidence in payment systems, on which relies our entire world.
In practical terms, the user's identity will be verified by at least 2 of the following 3 factors:
- what the user knows (password, secret question, etc.);
- what the user has (identity document, notification sent by an application on his phone/tablet);
- what they are (facial or voice recognition).
PSD2: the new payment services
The transition to PSD2 regulation also led to the creation of two new service provider statuses: the account information service provider (AISP) and the payment initiation service provider (PISP).
Account information service providers collect and aggregate information on a customerthe various bank accounts of (individual or company). In concrete terms, through an app, you can for example aggregate all your bank accounts, manage your budget, set up alerts, etc. These financial information aggregators can be financial institutions (other than banks) or fin-tech companies such as Spaycial that deploy innovative services.
PSD2 makes payment service providers (banks) give access to their shoppers' data (with their consent, renewed every 90 days) to third parties such as payment service initiators (known as PSIPs) which allow the initiation of transfers from a payment account.
“The implementation of PSD2 improves the payment experience of customers and therefore affects their shopping experience, both online and in-store," explains Nurgül Sivasli. For customers, PSD2 brings more confidence through enhanced security.
Since our launch in 2016, we have strived to deliver the best possible experience for shoppers through seamless, transparent and secure management of their payment methods by retailers and other service providers.