Prepare for the Transition from PSD2 to PSD3 Regulation

The European Commission has published draft legislation for the third Payment Services Directive (PSD3). Proactive businesses can learn from the implementation of PSD2 to prepare for PSD3 compliance.

From PSD2 to PSD3: What to Expect from the Proposed Regulatory Changes

PSD3 Regulation

The review process mandated by the European Commission’s PSD2 regulation has led to the PSD3 draft proposal, which will evolve the requirements for prioritizing consumers’ interests, security and trust.

What are some of the developments that have triggered the need for changes from PSD2 to PSD3?

Since the introduction of PSD2 in 2019, the payment services market has seen significant changes. These include the growth of electronic payments, the entry of new fintech players, the emergence of open banking and new use cases like instant payments, contactless payments, crypto payments, Buy Now, Pay Later (BNPL), embedded finance and Request to Pay.

The EU Commission opened consultations into revisions for PSD2 in May 2022 to measure and review the impact of PSD2 and consider the developments in the payments landscape since the introduction of PSD2. As a result of the evaluation, which included advice from the European Banking Authority (EBA), a general and targeted public consultation and a report from an independent consultant, the European Commission decided to propose amendments to PSD2.

What are the main proposals for PSD3?

The proposals for PSD3 can be summarized into six main blocks:

  1. Fraud Mitigation: The proposals include the extension of refund rights for fraud victims, the implementation of a robust system for Identity Verification, such as matching International Bank Account Numbers (IBANs) with account names, reinforcing customer authentication protocols, and enabling the sharing of fraud-related information among Payment Service Providers (PSPs) based on a legal framework.
  2. Fairer Competition: To promote price competitiveness, PSPs will be granted access to all European Union (EU) payment systems, while payment and e-money institutions will gain secure access to bank accounts, fostering a level playing field among financial service providers.
  3. Simplification: The proposals involve the consolidation of e-money institutions and payment institutions under a unified regulatory regime, streamlining payment rules applicable to PSPs into a directly enforceable regulation, ensuring a more straightforward and consistent framework.
  4. Cash Availability: Measures will be implemented to enhance the availability of cash through shops and Automated Teller Machines (ATMs), enabling retailers to offer cash services without requiring a purchase, and providing clarity on regulations governing independent ATM operators.
  5. Consumer Rights: The proposals aim to strengthen consumer rights by enhancing transparency on account statements, addressing issues related to fund blockages, and providing clear guidelines on ATM charges, ensuring that consumers have better protection and understanding of their financial rights.
  6. Open Banking Improvements: This entails the implementation of dedicated Application Programming Interfaces (APIs) for data access, eliminating the dual interface requirement for banks, ensuring contingency data access for uninterrupted business operations, establishing consumer dashboards for managing data access rights, and expanding access to financial data beyond payment account information.

The exact timelines for PSD3's entry into force are not yet known. Based on the usual legislative process, the final versions may become available in 2024. Member States are usually granted a transition period, so the Directive and Regulation will likely start to apply sometime in 2025/2026.

How does LexisNexis® Risk Solutions currently enable businesses to effectively meet PSD2 requirements?

We can support and simplify your PSD2 strategy to help meet customer expectations for payment experiences centered around safety, speed and convenience. We can also automate authentication decisions to support an efficient strong customer authentication (SCA) process and effective PSD2 compliance.

Our suite of solutions helps businesses recognize trusted users and spot suspicious anomalies in near real time through passive authentication that supports convenient digital interactions by utilizing multi-dimensional digital, physical and behavioral identity context.

Device Binding: Ensure persistent and secure device recognition with LexisNexis® ThreatMetrix® which leverages Strong ID to create a cryptographic bind with a customer’s web/mobile browser/app for meeting SCA possession-based compliance for PSD2.

Mobile App Authentication: Streamline step-up authentication for known/trusted devices by using a secure mobile banking app to authorize a desktop or mobile browser transaction with LexisNexis® Push Authentication.

Behavioral Biometrics: Evaluate how a user interacts with a device, webpage or application in real time to dynamically differentiate between a legitimate customer, a bot or a fraudster with LexisNexis® BehavioSec®.

Transaction Risk Assessment: Improve transaction risk assessment by harnessing the power of global shared intelligence through LexisNexis® Digital Identity Network® and accessing data from billions of annual transactions across diverse industries.

Risk factors are collected, monitored and risk assessed through LexisNexis® Dynamic Decision Platform which provides enhanced authentication, identity verification and fraud decisioning. This enables organizations to maximize insights and data to make the most appropriate risk decisions for PSD2 purposes and fraud prevention while proactively identifying SCA exemption scenarios to keep trusted payments on track.

Frequently Asked Questions

What is PSD2? What are some of the main requirements of PSD2?

PSD2, or the Second Payment Services Directive, is a regulatory framework introduced by the European Union to enhance security, innovation and competition in the payment services industry. Some of the main requirements of PSD2 include the implementation of strong customer authentication (SCA), open banking APIs and the establishment of new roles such as Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).

Strong customer authentication (SCA) mandates multi-factor authentication to verify the identity of consumers accessing their account online, initiating an electronic transaction or executing other high-risk transactions through a remote channel that might carry a risk of fraud. Multi-factor authentication is confirmed on the basis of two out of three elements:

[Figure: PSD2 elements]

Who must comply with PSD2 regulation?

PSD2 applies to a wide range of entities involved in payment services, including banks, payment service providers, fintech companies, and third-party providers. The regulation aims to create a level playing field and ensure a secure and efficient payment ecosystem for consumers and businesses.

What are some of the greatest achievements realized through the introduction of PSD2?

One of the significant achievements of PSD2 is the promotion of open banking, enabling consumers to share their financial data securely with authorized third-party providers. This has led to increased competition, innovation, and the development of new services and products in the financial industry.

PSD2 allows for the integration of new third-party providers (TPPs) such as Payment Initiation Service Providers (PISPs), Account Information Service Providers (AISPs), and Card Issuer Service Providers (CISPs). This integration enables organizations to offer more seamless and innovative payment options to their customers.

Securing digital payments for Card Not Present (CNP) transactions with Strong Customer Authentication (SCA) has also resulted in a notable decline in card-not-present fraud, according to the European Central Bank.
