PSD2 – what you need to know

PSD2 – what you need to know

From 13 January 2018, the new EU Payment Services Directive 2 or PSD2 will enter into force. We are informing you of the most important changes.

Payment transactions will radically change in Europe with the introduction of the new EU Payment Services Directive 2 or PSD2 on 13 January 2018. Although many details are not yet known, it is important that as a merchant you are informed of the impending changes and new opportunities today. Three fundamental changes are at the forefront.

First: Access to account (XS2A)

This provision obliges banks to grant third-party providers access to their customers’ account information free of charge (provided the account holder agrees to this). This process is often also referred to as ‘Open banking’ or ‘Access to account’ (XS2A).

For the merchant, XS2A is the key to introducing account-based payments for end customers at the point of sale. As a result, end customers can submit payment orders to their bank via appropriate merchant service providers (payment initiation service providers – ‘PISPs’), which benefits the merchant. The merchant receives – obviously after authorisation by the end customer – confirmation of receipt of the payment order back from the end customer’s bank within seconds.

Combined with app-supported customer loyalty programmes (loyalty systems), account-based payments present an interesting addition to current payment methods. SIX plans to provide appropriate services to its merchants from 2018/2019 – in a first phase in e-commerce with the greater establishment of the necessary standards, including for face-to-face transactions at a later date.

Second: Prohibition of payment methods subject to extra fees (surcharges)

In accordance with the new directive, merchants may no longer demand extra fees (surcharges) for certain payment methods (debit and credit cards, but also alternative payment methods such as PayPal or similar) by law. Although according to the policies of the individual credit card organisations such surcharges were mostly already prohibited at an earlier date, some merchants and online shop operators still charge these fees even today. Such merchants must observe the new legal provisions from the 13 January 2018 and adjust their charging scheme so that they do not violate the PSD2 surcharge ban.

Third: Strong customer authentication (SCA)

The strong customer authentication (SCA) should further increase the payment security for consumers. A two-factor authentication process shall be introduced with the new directive which plans to use two independent technologies. For example, this can be a combination of password entry and fingerprint or a combination of password entry and a 3-D secure code or code sent via SMS. Payment made solely by providing credit card data – the number, expiry date and three-digit card validation code (CVC) will no longer be possible. Use of SCA for the merchant presents a lower risk of defaulting on payment. In contrast, there is the fear that more complex identification mechanisms will lead to higher breakdown rates.

With respect to SCA, we recommend that you contact your e-commerce payment service provider (PSP) and clarify whether they have implemented or planned the necessary adjustments to the appropriate e-commerce payment solution. If you use Saferpay from SIX, this is already guaranteed.

Everything from a single source

As a merchant you must find your way through the jungle of the new directives and are also increasingly obliged to identify any new services and payment methods which most appeal to your customers – particularly in e-commerce. SIX can provide extensive support for you in both areas – with expertise and experience, but also with new services like the payment trigger service, which we will offer in future as a payment initiation service provider (PISP). In summary: You will also receive all of the relevant services you need for cashless payment transactions in your company in the future from SIX – all from a single source.