What is PSD2?
The Payment Services Directive (PSD) was created by the European Union to regulate payment services, protect users, and encourage non-banks to participate in the payment industry. The PSD provides the legal framework in which payment providers in the EU must operate. Its second version, PSD2, came into force in 2016, but it took until March 2022 to be implemented in the U.K. and the EU.
The PSD2 covers two areas:
The market rules
They describe the type of organisations that can offer financial services. In the not too distant past, those were only credit institutions and certain authorities like central banks and government bodies. For a few years now, organisations that meet specific capital and risk management requirements can also apply for authorisation as a payment institution.
The business conduct rules
They determine what kind of information all financial institutions have to provide, including:
- Any charges
- Exchange rates
- Transaction references
- Maximum execution time
They also determine the rights and obligations of service providers and their customers, and deal with issues like:
- How to authorise and execute transactions
- Refunds of payments
- Revoking payment orders
- Value dating of payments
Each country must designate a “competent authority” to supervise the payment institutions and check if they comply with the business conduct rules.
What are the biggest changes with PSD2?
Banks can now open their payment services to other companies - Third-Party Payment Services Providers (TPPs). It’s now easier for TPPs to offer large-scale solutions in the European Union. That will make for a more competitive market.
The other significant change is the introduction of new security requirements known as Strong Customer Authentication (SCA). Now bank operations require two authentication factors. The definition of an authentication factor also became stricter, a result of more attacks on companies in all sectors of the economy.
What is a major concern about PSD2?
Customers now have to spend less time, resources, and effort switching from one bank to another or any third party. They can authenticate bank access and organise all their finances in one place, usually through an app. Moving capital from one account to the other now takes seconds rather than days and it’s cheaper. That challenges a lot of traditional banks, 36% of which found it hard to modernise their IT systems according to the new PSD2 directive. They need to offer a customer-friendly interface and a seamless user experience if they want to compete with the new players on the market.
PSD2 regulation: Impact on the customer experience
Written information on the card such as the card number, expiration date and CVV will no longer be used for authentication. Tokens in which you type in a one-time password are also disappearing. Customers will need to use other ways to authorise their purchases, and since the security requirements are tighter, that can easily lead to frustration on the side of consumers. They want a frictionless login experience that takes seconds. If that doesn’t happen, businesses will lose out on sales.
PSD2 compliance: How can MIRACL help?
Improved user experience
We’re so used to passwords by now that we can’t imagine a world without them. But the future looks different: If your company is using MIRACL Trust, no passwords are necessary. All your customers need is one PIN, and they’re in. To make it even easier, you can operate MIRACL on all browsers and devices, even on smart TVs. It works with Android and iOS, including on handsets up to a decade old. That way, you won’t lose customers no matter what device they use.
With MIRACL, it takes 2 seconds to log in. Error rates are as low as 1/10th of those of passwords. That saves time and ensures your customers stay on your page, completing the purchase. Checkout optimisations like this can increase conversions by 35.62%.
MIRACL meets the Strong Customer Authentication (SCA) standards of the EU Revised Directive on Payment Services (PSD2). Our cryptographic technology means that user info isn’t stored in a cloud but stays with users. Since authentication happens on the device itself, no one needs to know your PIN. Transactions are bound to the user via our digital signing feature, cutting fraud. Hackers will look elsewhere.