PSD2 is becoming a buzzword. It's described and translated in numerous ways and, for some, it is confusing in many ways too. Let's look at what it is.
So, PSD2 is the Payment Services Directive 2.
Why is it in place? To protect people from payment fraud, specifically in remote payments, often known as card-not-present payments.
What is it? An opportunity to change your payment processes and collaborate across the payment partners (e.g. a payment provider and a retailer), and to better protect your customers and their money.
PSD2 is the mandate for data sharing under Open Banking
Open Banking provides a new framework whereby transactional data can be shared across lenders and businesses. This is done via open APIs and with customer consent. Digital services are at the heart of this shift, and security, customer experience and access will be critical.
PSD2 is also the regulation that informs how payments are made.
PSD2 mandates how remote payments will be authenticated
Adjacent to Open Banking (the sharing of transactional data), PSD2 outlines new guidelines for payment providers when it comes to validating remote transactions. Transactions made without the person present will now need to follow a protocol in order to define what level of authentication is needed. This is where Strong Customer Authentication is introduced. See our infographic for an example of an online retail purchase.
Strong Customer Authentication is… stronger
Strong Customer Authentication (SCA) is essentially a much stronger level of authentication. Should it be required by the payment provider, two forms of authentication must be given in order for the transaction to be confirmed. This will need to be managed by the payment provider, with the customer giving the necessary credentials to authenticate themselves. Ultimately this will create a new process within the buying journey for a retailer, or the business issuing the payment request. It will also change how the payment provider can confirm and issue payment requests.
The customer journey will change
SCA will mean that the customer needs to provide two out of three types of authentication: something they know, like a PIN; something they have, like a security token; something they are, like voice recognition or a fingerprint. The customer will need to remotely access their online banking / payment account to provide this validation during the purchase journey. The confirmation will then be sent back to the payment requestor. The payment (subject to all checks being confirmed and passed) will then be approved.
The future is digital
Customers want access whenever and wherever they want. This is where PSD2 and Open Banking come into their own. With Open Banking, customers will be able to access their transactional data much quicker and share it with lenders, giving them a much easier and more accurate financial view. A strategy that utilises data, collaboration and digital at its core will enable a true banking revolution.
As more and more payments are made online (10% more this year versus last), with growing in-app purchases too, protecting digital payments is imperative. To put it into context, the UK Cards Association reported a 20% increase in remote-purchase fraud last year that cost £432.3 million.
Innovation is key
Whether it is innovating on the sharing of transactional data or the permitting of a payment, innovation will run through the centre of this new framework, and it is a big objective of PSD2 too.
New entrants to the payment market will begin to mould new ways of working. But equally, large established firms will need to refine their services in order to comply and compete. Who knows if we will be authorising payments over video, or having a PIN reader back in our pocket. But what we do know is that we are poised for change. And change can be good.
Laying the right foundations
If you look through the PSD2 framework you can start to see some core areas that need to be considered. These are essentially fraud and security.
Start with the basics, like reducing your fraud rates and engaging with and monitoring your customers' devices. Being able to secure the transmission of data in an Open API environment will be critical for trust and compliance too. Be sure to work with the right partners to deliver the right components of the journey.