The review process mandated by the European Commission’s PSD2 regulation has led to the development of the PSD3 draft proposal, which will evolve requirements for prioritizing consumers’ interests, security and trust.
Since the introduction of PSD2 in 2019, the payment services market has seen significant changes. These include the growth of electronic payments, the entry of new fintech players, the emergence of open banking and new use cases like instant payments, contactless payments, crypto payments, Buy Now, Pay Later (BNPL), embedded finance and Request to Pay.
The EU Commission opened consultations into revisions for PSD2 in May 2022 to measure and review the impact of PSD2 and consider the developments in the payments landscape since the introduction of PSD2. As a result of the evaluation, which included advice from the European Banking Authority (EBA), a general and targeted public consultation and a report from an independent consultant, the European Commission decided to propose amendments to PSD2.
The proposals for PSD3 can be summarized into six main blocks:
The exact timelines for entry into force for PSD3 are not yet known. Based on the usual legislative process, the final versions may become available in 2024. Member States are usually granted a transition period, so the Directive and Regulation will likely start to apply sometime in 2025/2026.
We can support and simplify your PSD2 strategy to help meet customer expectations for payment experiences centered around safety, speed and convenience, and automate authentication decisions to support an efficient strong customer authentication (SCA) process and effective PSD2 compliance.
Our suite of solutions helps businesses recognize trusted users and spot suspicious anomalies in near real time through passive authentication that supports convenient digital interactions by utilizing multi-dimensional digital, physical and behavioral identity context.
Device Binding: Ensure persistent and secure device recognition with LexisNexis® ThreatMetrix®, which leverages Strong ID to create a cryptographic bind with a customer’s web/mobile browser/app to meet SCA possession-based compliance for PSD2.
Mobile App Authentication: Streamline step-up authentication for known/trusted devices by using a secure mobile banking app to authorize a desktop or mobile browser transaction with LexisNexis® Push Authentication.
Behavioral Biometrics: Evaluate how a user interacts with a device, webpage or application in real time to dynamically differentiate between a legitimate customer, a bot or a fraudster with LexisNexis® BehavioSec®.
Transaction Risk Assessment: Improve transaction risk assessment by harnessing the power of global shared intelligence through LexisNexis® Digital Identity Network® and accessing data from billions of annual transactions across diverse industries.
Risk factors are collected, monitored and risk assessed through LexisNexis® Dynamic Decision Platform, which provides enhanced authentication, identity verification and fraud decisioning. This enables organizations to maximize insights and data to make the most appropriate risk decisions for PSD2 purposes and fraud prevention while proactively identifying SCA exemption scenarios to keep trusted payments on track.
What is PSD2? What are some of the main requirements of PSD2?
PSD2, or the Second Payment Services Directive, is a regulatory framework introduced by the European Union to enhance security, innovation and competition in the payment services industry. Some of the main requirements of PSD2 include the implementation of strong customer authentication (SCA), open banking APIs and the establishment of new roles such as Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).
Strong customer authentication (SCA) mandates multi-factor authentication to verify the identity of consumers accessing their account online, initiating an electronic transaction or executing other high-risk transactions through a remote channel that might carry a risk of fraud. Multi-factor authentication is confirmed on the basis of two out of three elements:
Who must comply with PSD2 regulation?
PSD2 applies to a wide range of entities involved in payment services, including banks, payment service providers, fintech companies, and third-party providers. The regulation aims to create a level playing field and ensure a secure and efficient payment ecosystem for consumers and businesses.
What are some of the greatest achievements realized through the introduction of PSD2?
One of the significant achievements of PSD2 is the promotion of open banking, enabling consumers to share their financial data securely with authorized third-party providers. This has led to increased competition, innovation, and the development of new services and products in the financial industry.
PSD2 allows for the integration of new third-party providers (TPPs) such as Payment Initiation Service Providers (PISPs), Account Information Service Providers (AISPs), and Card Issuer Service Providers (CISPs). This integration enables organizations to offer more seamless and innovative payment options to their customers.
Securing digital payments for Card Not Present (CNP) transactions with Strong Customer Authentication (SCA) has also resulted in a notable decline in card-not-present fraud, according to the European Central Bank.