Who needs to comply with PSD2?
We like easy questions first.
Companies that operate in and sell into the EU. For example, if you are a merchant that has a UK entity and you sell into the EU, you need to be compliant.
What is PSD2?
This question has a longer answer. We'll try to keep it simple.
The Council of the European Union passed an updated payment regulation called the Payments Service Directive 2, or PSD2. This follow up to PSD1 has the potential to revolutionize the European payments and financial industry while bringing regulation and control over how third parties and banks share information.
The regulation affects merchants in different ways based on operating model (marketplaces, for example). The below info is high level and not all encompassing. We wanted to give PSD2 a shout out as it pertains to merchants of record that sell directly to their customers. If you prefer a deeper dive, stop by JP Morgan's post here.
Three points of impact merchants need to be aware of:
1) Access to Accounts: Merchants will be able to ask consumers for permission to use bank account details allowing payment transactions to happen directly between them and their customer's bank. Super cool if you're looking to reduce the number of cooks in your payments supply chain kitchen and reduce steps in the checkout process. Warning though, this means the merchant will need to apply to be a third party provider (there are a few flavors) and that process ain't easy - or cheap.
2) Strong Customer Authentication (SCA): Merchants will need to include customer authentication as part of the payment transaction. PSD2 states that 2 or more of the below 3 items are required to meet the "strong" part of the authentication requirement. There are a number of vendors and solution providers that can assist with this piece. Click here to learn more from our friends at Adyen.
a) Something the customer knows (like a PIN number)
b) Something the customer owns (like a mobile device)
c) Something the customer is (fingerprint or facial recognition, for example)
3) Surcharging Ban: PSD1 put limitations on surcharging - PSD2 bans them altogether. If you surcharge and it is either a) a revenue stream or b) just covers your processing costs, and you have not discussed the ban with your finance team, you will need to rip this band off quickly. While removing surcharges is a good thing when it comes to building customer loyalty and trust, a merchant's finance team needs time to adjust and work out alternatives where available.
What should banking customers expect from their banks?
Absolutely nothing. Just kidding. PSD2 will change the way customers interact with and what they expect from their banks. Customers can expect to see a boom in banking innovations in an effort to help offset the lessening dependency on cards.
Bjørn Søland, technical expert at Nexus Group, stated, “When bank customers can use third-party providers such as social media platforms or messaging apps to pay bills straight from their bank accounts, banks might lose many of the customer interactions – if the banks do not create equally attractive solutions.”
Banks adopting the regulation are starting to offer real-time spending insights, savings goals and relevant offers tailored to their customers.
There will be a number of other benefits to banking customers now that banks will have to compete for revenue in areas where they have traditionally dominated. Everything from loans to payments to banking services will evolve in the open market.
What does this mean for the payments industry?
Basically, anyone can process payments now as a result of PSD2. With that though, for merchants and third party platforms that do no already know how to run a payments company (and also don't have a crystal ball to show them how this change is going to shake out) we wouldn't recommend you go this route.
The payments industry before PSD2 had a well-established value chain and companies were knowledgeable of what business models are profitable. The new directive will now change the payments value chain and ultimately create new profitable business models.
As existing and new Third Party Processors (TPPs), Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs) figure out whats-what, the landscape of alternative payment solutions will grow - which is very cool as merchants head deeper into the age of autonomous payments (thanks Tearsheet!).
How does PSD2 affect American companies?
US merchants that do not operate internationally will not be directly affected by the regulation - per se. Many US based e-commerce merchants already understand the importance of multi-factor authentication and other means to safe guard customer data and build buyer trust.
With that, US based merchants need to understand that they are now going to be competing for the loyalty and trust of their international buyers in a way they haven't had to before. Ignoring PSD2 and not having a plan to support it to safeguard international sales would be a mistake.
US merchants could take this opportunity to strengthen their relationships with international buyers by building campaigns around and promoting that - while they don't need to abide by PSD2 - they're gonna.
While PSD2 is being hailed as the next evolution of the global financial industry, it's brand spankin' new and will surely have its "oops, we didn't think of that" moments. Either or, the updated regulation will usher in an era of financial innovation that will be very exciting to be a part of. It also offers standards and regulation in a sector that previously had little oversight.
If you operate in the EU or are a US business that sells into the EU and need a coach to help with your PSD2 game plan, give us a call. We love this stuff.