Payment Service Directive (PSD) II
A constantly growing number of deals and providers on the financial services market are necessitating new regulations. Guidelines and directives are becoming increasingly detailed and complex: they affect start-ups and established companies alike. It is more important than ever to maintain an overview and keep up to date with of all of these.
PSD II before national implementation:
In verifying PSD I, it became clear that the directive would have to be adapted, if nothing else, for two glaring reasons:
- Rapid market development among payment services and the appearance of many new market players
- Technical advancements in IT
On 25 November 2015, the EU Council agreed to the revised version of the Second Payment Services Directive. The national implementation phase will continue until 13 January 2018.
PSD II will bring about especially two fundamental changes:
- FinTechs will figure more comprehensively in the directive.
- The obligations FinTechs will have to observe in payment transactions will be specified in greater detail.
Applicability of PSD II:
PSD II applies the same as PSD I and additionally to service providers who allocate payment initiation or account information services. That means so-far unregulated companies will also fall under PSD II.
As soon as one of the payment service providers is established in the EU, the transparency and information requirements apply ("one-leg transactions"). The regulations also apply to payments in third-country currencies.
Payment initiation service providers allow access to accounts held with other payment service providers, but provide no payment accounts of their own. A payment order is initiated at a user's request.
Account information service providers provide consolidated information on payment accounts that the user holds with one or more payment service providers:
Essential changes in PSD II:
The following limited exemptions apply.
- Commercial agent exceptions will only apply for precisely defined payment processes through commercial agents.
- Limited network exemptions will only apply if the issued payment instruments are offered in one of the narrowly limited networks.
- Digital service exemptions will only apply to low-value ancillary service payments.
Authorisation as a payment institute:
The payment services provider requires authorisation as a payment institute, where additional documents must be provided along with the application. Companies require professional liability insurance if they wish to apply as a payment initiation and/or account information service provider. At the time of approval, payment service providers must have a certain amount of initial capital. Furthermore, payment service providers must satisfy certain capital requirements unless they offer exclusively payment initiation and/or account information services.
The transparency provisions have been amended with the following obligations:
- Reporting of serious operational and security incidents;
- Ensuring strong customer authentication;
- Liability for defective payment transactions.
Special obligations apply to payment initiation and account information service providers:
- The personalised security credentials of a user may not be accessible to any other party. A user's sensitive payment data or personalised security credentials may not be stored.
- Payment initiation and account information service providers must authenticate themselves towards the account servicing payment service provider.
- When payment is initiated, the account servicing payment service provider must immediately notify the payment initiation service provider of the receipt of payment and indicate whether there are sufficient funds in the account.
Strong customer authentication:
For online payments, it must be uniquely and traceably discernible that a user has mandated a payment. This means a transaction requires at least two elements of the following three categories:
- Knowledge (which only the user knows, e.g. PIN/password)
- Possession (something only the user possesses, e.g. smartphone, smartcard or token)
- Inherence (biometric recognition, e.g. fingerprint or eye scan).
Where a payment service user denies having authorised an executed payment transaction, or claims that the payment transaction was not correctly executed, it is for the payment service provider to prove that the payment transaction was authenticated. They has to verify that the payment process was - accurately recorded, entered into the accounts and was not effected by a technical breakdown or some other deficiency of the service provided by the payment service provider.
Unless there is suspicion of fraud, the unauthorised payments must be cancelled by the payment service providers. In the case of intentional or grossly negligent breach of obligations, the user must bear all of the losses.
Register of authorised payment institutions:
Entry of payment service providers into a national register (in Germany kept by the BaFin) is still required. The register of which payment service providers may provide payment services in the Member States is publically available on the EBA website.
Payment initiation and account information service providers will be granted access to the bank–customer interface, and will accordingly be able to collect and process data on behalf of the customer, and offer new services.
For the account holder and account servicing payment service provider, payment initiation and account information service could pose risks, which must be countered by the increased security requirements described above.
Our range of services:
We offer the following services in relation to the Second Payment Service Directive:
- We know how the changes in PSD II will affect you, and give comprehensive advice on the necessary adaptations of your systems and processes.
- We help you identify new market opportunities arising from PSD II, and give suggestions for your Europe-wide business development.
- We support you on the analysis, development, project management and implementation of your payment strategy.
Would you like professional advice?
Our consultants will be glad to arrange a one-on-one consultation with you
Via E-Mail: payments(at)it-economics.de
Via Phone: +49 89 215 488 0-0