DEVLHON Consulting Decodes: Payment Services Directive 3 (PSD3)
General Context
The Payment Services Directive 3 (PSD3) is a major regulatory development introduced by the European Commission in June 2023 to modernize payment services and the financial sector as a whole. It follows PSD2, which has been in effect since 2019, and aims to enhance payment security, strengthen user trust, and stimulate innovation through open banking and improved data sharing between financial players. This directive is crucial for the banking sector, consumers, and businesses.
Main Objectives of PSD3:
– Enhance payment security.
– Strengthen consumer protection.
– Drive innovation in the financial sector, particularly through open banking.
– Establish stricter rules for access to payment systems and user authentication.
Key New Features Introduced by PSD3
Verification of Payee (VoP)
One of the key additions in PSD3 is the Verification of Payee (VoP), a system that verifies the match between the beneficiary’s name and the IBAN before any transfer. This system, which is set to be rolled out in multiple phases until 2027, aims to reduce errors and fraud in electronic transactions.
For businesses, this verification system will add an important layer of security during mass transfers and will require adjustments in IT systems and internal processes. Therefore, corporate treasurers should start preparing for the integration of this system into their practices.
Strong Customer Authentication (SCA)
PSD3 also strengthens the rules for Strong Customer Authentication (SCA). Introduced under PSD2, SCA will be expanded to cover more types of transactions and use cases, such as recurring payments or Mail Order/Telephone Order (MOTO) transactions. PSD3 also introduces specific exemptions for certain types of transactions to simplify their processing while maintaining high security standards.
Access to Payment Systems and Open Banking
PSD3 aims to facilitate non-bank payment service providers (PSPs) access to EU payment infrastructures. It strengthens the open banking rules introduced under PSD2 by removing barriers that hinder new providers’ access to customer data and payment systems.
Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs) will have smoother access to banking systems, with banks required to publish statistics on the availability and performance of their APIs. This will contribute to fairer competition and greater transparency in financial services.
Implications for Businesses and Consumers
Impacts on Businesses
– Fraud and Liability: PSD3 introduces additional measures to combat fraud, including holding technical service providers (e.g., wallets) responsible in the event of fraud if SCA measures are not properly implemented.
– Adaptation to New Standards: Businesses will need to prepare to integrate VoP into their systems, especially for mass transfers. Collaboration with banks will be necessary to ensure beneficiary data is reliable.
Impact on Consumers
– Increased Security: The new SCA rules and the widespread implementation of VoP will offer better protection against fraud, while enabling consumers to retain control over their financial data through interactive dashboards.
– Cost Transparency: PSD3 will require greater transparency in payment fees, especially for transfers outside the EU and currency conversions.
Timeline and Implementation
PSD3 and the Payment Services Regulation (PSR) will be finalized by the end of 2024, with implementation expected by 2026. Businesses and financial institutions will have a transition period to comply with the new rules.
Conclusion
PSD3 is a response to the rapid changes in the payments market, bringing enhanced security and a modernized regulatory framework to support innovation and competition in the financial sector. Businesses, consumers, and institutions will need to adapt to the new requirements to fully leverage the opportunities offered by this directive.