The European Commission is on the verge of publishing the third Payment Services Directive (PSD3) which will introduce new regulations for payment services in the European Economic Area (EEA). While the immediate impact may not be significant, it is essential for merchants of payment services to familiarise themselves with the expected changes.
In this report, Alison Donnelly, Director in fscom provides a comprehensive overview of PSD3 and discusses its potential implications for businesses, payments and customers.
The Evolution of Payment Services Directives
PSD3 builds upon the foundations laid by the first Payment Services Directive (PSD1) in 2007 and the second directive (PSD2) implemented in 2018. PSD1 established common rules for electronic payments, promoting competition, innovation, and consumer protection. PSD2 introduced strong customer authentication requirements, enhancing security but posing challenges for e-commerce. The review process mandated by PSD2 has led to the development of PSD3.
Impact on e-commerce
Strong customer authentication will continue to be a central topic in discussions around PSD3. While it has proven effective in driving electronic payments and reducing fraud, the implementation costs (estimated at €5bn) and increased transaction failure rates (estimated at €33.5bn) have been substantial. PSD3 may introduce stricter regulations regarding third-party involvement in authentication, potentially increasing costs and oversight burdens for merchants.
- Delegation and Outsourcing: PSD3 may require detailed agreements and greater oversight for authenticating payments, potentially limiting the use of third-party services and leading to increased costs.
- Merchant Initiated Transactions: Merchant-initiated transactions and direct debits are likely to be influenced by PSD3. Strong customer authentication may be required for customer transactions preceding merchant-initiated transactions, with potential limits on recurring transactions before re-authentication.
- Mail Order and Telephone Order Transactions: PSD3 might enforce strong customer authentication for mail and telephone order transactions, reducing the situations exempt from authentication.
- Merchant Refunds: PSD3 is expected to introduce an exemption to strong customer authentication, allowing merchants to make refunds without authentication due to the low risk of fraud associated with such transactions.
- Charges for Strong Customer Authentication: PSD3 is likely to include a ban on charging for the application of strong customer authentication, reducing friction and ensuring compliance.
- Tokenisation: If PSD3 determines tokenisation as the issuance of a payment instrument, it could have cost implications for merchants, potentially increasing friction.
Other Potential Changes
Aside from the aspects directly impacting payment service providers, there are other noteworthy changes that merchants should be aware of:
- Open Banking: PSD3 may push for an agreed standard across the European Economic Area (EEA) to enhance harmonisation, improve competition, and lower prices in the alternative payments sector.
- Safeguarding: There may be increased protection for customers’ funds held by payment and e-money institutions, ensuring deposit guarantee schemes step in if the safeguarding bank fails.
- Instant Payments: PSD3 could introduce rules requiring payment service providers to inform users about instant payments, allowing users to opt out and receive prompt confirmation upon successful completion.
Timeline for Implementation
Legislative changes take time to come into effect. While the European Commission’s proposals are expected soon, it may take approximately a year or longer for agreement and an additional eighteen months before implementation. Given the complexity of the payment sector, meticulous planning and execution will be crucial for merchants.
Conclusion
PSD3 signifies another milestone in the evolving payment landscape. As businesses navigate instant payments, crypto payments, open banking, and more, understanding and adapting to evolving regulations is essential. Additionally, the global nature of payments and the divergence of the UK from European directives create further dynamics to be observed. Merchants should stay informed and prepare for potential changes to ensure compliance and capitalise on emerging opportunities.
Disclaimer: Please note that the information provided is based on the current understanding of PSD3 and is subject to change as the regulatory landscape evolves.
