More competition, innovation, consumer protection and security
PSD2 is the revised version of the 2007 Payment Services Directive and forms the legal basis for non-cash payments between consumers and businesses in Europe. It regulates the rights and obligations of the various parties in the payment system, for example the requirements for operating as a payment institution, the conditions governing payment transactions and the rules regarding information provision about payments. The aim of PSD2 is to promote competition, innovation, consumer protection and security in the European payment system. The key innovation of PSD2 compared to the 2007 Directive is that banks must allow new types of payment initiation services providers and account information services providers – also referred to as "third parties" – access to their payment accounts, subject to the account holders' consent.
Access to payment accounts
This signifies a fundamental change in banking services. For centuries, banks have been strengthening the security of their funds, buildings and systems. Now they are forced to open up their retail payment systems under PSD2. They will have to share their knowledge and details about their customers with the new (licensed) service providers, who will offer their own services to these customers. For example, through a payment initiation service provider, account holders can initiate payment orders with their bank using an app or website, as an alternative for e.g. iDEAL and credit card payments. PSD2 thus paves the way for new online payment methods. Through an account information service provider, account holders can obtain real-time overviews and analyses of their payment transactions from one or more bank accounts.
New service providers
PSD2 creates new commercial opportunities, independent from the banks. For example, large retail and supermarket chains or telecom providers could set up a payment initiation service and handle their own payments, possibly combined with the use of payment data. Software providers could offer both types of services in order to improve the integration of payments and financial accounting systems in the corporate environment.
Banks not sitting still
The banks have not been sitting still of course. They can already provide these services. Over the years they have been developing their own solutions, introducing apps such as Grip and Tikkie, and spin-offs such as Payconiq and Peaks. Effectively, these are the first actual results of PSD2. Banks and new service providers, often start-ups, are more and more working together in developing innovative online and mobile payment services. Banking services will be increasingly offered through digital platforms. This will change the banks' business models and make the payment chain more complex.
Benefits for consumers
Consumers will benefit from more competition, ongoing digitalisation and innovations brought about by PSD2. These innovations will result in new, digital payment methods that are more user-friendly, allow better insight in payments and may reduce payment costs. However, consumers seem to be hardly aware of the new Directive and its implications. Of those who do know about PSD2, some are positive about the new opportunities, but others are concerned about the use of their payment details and their privacy. In this respect, the fact that large internet companies such as Facebook could also become payment institutions and offer account information services undoubtedly plays a role.
Security and privacy safeguards
The European legislator has anticipated these concerns and has taken measures to safeguard account holders´ security and privacy. For example, all payment service providers must be registered or licensed by DNB or another EEA supervisory authority before they can be allowed access to accounts, which brings them under supervision. Just like banks, they must meet security standards that are stricter than before in order to be allowed access. The new European General Data Protection Regulation also applies to them. The key requirement for acquiring access to accounts under PSD2 is that account holders must give their explicit consent. In the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) monitors this.
The account holder decides
In summary, account holders enjoy protection, but they also have their own responsibility. If they do not want third parties gaining access to their payment account, they are free not to give their consent. In the end, it is up to the account holder to decide.