Paying it forward with Payment Performance
Sep 2017 | Credit Decisions

‘Payment Services Directive 2’

PSD2 is becoming a buzzword. It’s described and translated in numerous ways and, for some, it is confusing in many ways too. Let’s look at what it is.

Why is it in place? To protect people from payment fraud – specifically in remote payments, often known as ‘card not present’ payments.

What is it? An opportunity to change your payment processes, to collaborate across the payment partners (e.g. a payment provider and a retailer), and to better protect your customers and their money.

PSD2 is the mandate for data sharing under Open Banking

Open Banking provides a new framework whereby transactional data can be shared across lenders and businesses. This is done via open APIs and with customer consent. Digital services are at the heart of this shift, and security, customer experience and access will be critical.

PSD2 is also the regulation that informs how payments are made.

PSD2 mandates how remote payments will be authenticated

Adjacent to Open Banking (the sharing of transactional data), PSD2 outlines new guidelines for payment providers when it comes to validating remote transactions. Transactions made without the person present will now need to follow a protocol in order to define what level of authentication is needed. This is where Strong Customer Authentication is introduced. See our infographic for an example of an online retail purchase.

Strong Customer Authentication is… stronger

Strong Customer Authentication (SCA) is essentially a much stronger level of authentication. Should the payment provider require it, two forms of authentication must be given for the transaction to be confirmed. This will need to be managed by the payment provider, with the customer giving the necessary credentials to authenticate themselves. Ultimately this will create a new process within the buying journey for a retailer, or for the business issuing the payment request. It will also change how the payment provider can confirm and issue payment requests.

The customer journey will change

SCA will mean that the customer needs to provide two out of three types of authentication: something they know, like a PIN; something they have, like a security token; or something they are, like voice recognition or a fingerprint. The customer will need to remotely access their online banking / payment account to provide this validation during the purchase journey. The confirmation will then be sent back to the payment requestor. The payment (subject to all checks being confirmed and passed) will then be approved.

The future is digital

Customers want access whenever and wherever they want. This is where PSD2 and Open Banking come into their own. With Open Banking, customers will be able to access their transactional data much quicker and share it with lenders, giving them a much easier and more accurate financial view. A strategy that has data, collaboration and digital at its core will enable a true banking revolution.

As more and more payments are made online (10% more this year versus last), with growing in-app purchases too, protecting digital payments is imperative. To put it into context, the UK Cards Association reported a 20% increase in remote-purchase fraud last year, which cost £432.3 million.

Innovation is key

Whether it is innovating on the sharing of transactional data or the permitting of a payment, innovation will run through the centre of this new framework – and is a big objective of PSD2 too.

New entrants to the payment market will begin to mould new ways of working. But equally, large established firms will need to refine their services in order to comply and compete. Who knows if we will be authorising payments over video, or having a PIN reader back in our pocket? But what we do know is that we are poised for change. And change can be good.

Laying the right foundations

If you look through the PSD2 framework you can start to see some core areas that need to be considered. These are essentially fraud and security.

Start with the basics, like reducing your fraud rates and engaging with and monitoring your customers’ devices. Being able to secure the transmission of data in an Open API environment will be critical for trust and compliance too. Be sure to work with the right partners to deliver the right components of the journey.