The new revised Payments Services Directive (PSD2) is designed to open the market to new forms of regulated payments and has a direct effect on the entire European payment industry. The directive will grant access to customer bank accounts and transaction data to third-party providers via a dedicated set of application program interfaces (APIs).

An Open and Innovative Environment

The original Directive on Payment Services was created in 2009 as a uniform payments directive across Europe. The PSD2, scheduled to be enforced in early 2017, puts greater emphasis on the digital channel as a means of creating a more open and innovative environment for banking customers, while also opening the stage to new third-party providers.

One of the most important parts of the new directive is the access to the account for Payment Initiation and Account Information Services (XS2A). To access the relevant data, Account Information Service Providers (AISPs) may need to use open APIs to request account information and initiate payments from a specified account.

Another stipulation refers to the addition of Payment Information Service Providers (PISPs), which can initiate payment transactions. This is a big change — there are currently only a handful of payment options that can take money from one account and send it elsewhere, such as the Single Euro Payment Area (SEPA).

The PSD2 in Action

Let’s look at a typical online purchase for an example of how the PSD2 might affect consumers and providers alike.

When a customer shops online, instead of entering credit card information, the online retailer will request access to his or her bank account. Once the customer agrees to share those details, he or she will be redirected to the bank’s website to provide the necessary permissions.

This is similar to the way applications request access to a user’s Facebook or Gmail account today. In lieu of sharing his or her banking details with the online merchant, the user will simply grant permissions to the bank to execute online payments on their behalf.

The next time the customer attempts to access the same retailer, he or she may be required to grant the permissions again, or they will stay active until the customer chooses to revoke them.

PSD2 regulations also provide an opportunity for banks and other financial institutions to address digital transformation. The underlying security and an open API platform can help level the playing field between the various players, with the goal of increasing competitiveness and delivering increased value to end users.

Watch the on-demand webinar to learn more about PSD2

Security Versus Convenience — Why Not Both?

PSD2 is designed to foster innovation, enhance transparency and drive competition by enabling new players to enter the financial services industry. It also aims to enhance consumer protection, increase convenience and contribute to a more integrated and efficient European payments market overall.

IBM Trusteer solutions can help organizations step up to the challenges and opportunities presented by the new regulation. These include strong customer authentication, transaction/session signing and enhanced electronic payments. Trusteer supports the development of user-friendly, accessible and innovative means of payment and provides real-time recommendations regarding login attempts, session time out and validity of authentication across both web and mobile.

Additionally, Trusteer Pinpoint Detect works in conjunction with additional products and services to further enhance fraud identification and remediation across many attack vectors. By aggregating and correlating evidence-based threat intelligence, risk-based indicators, behavioral analytics and in-depth fraud information, we can help organizations meet their security demands. This approach allows enterprises to concentrate on providing innovative banking and payment solutions while balancing security and user convenience.

Learn More

To learn more about the challenges and opportunities presented by PSD2, watch our on-demand webinar, “Ready, Steady, GO — PSD2 is Coming” or download the white paper, “The Impact of PSD2 on Authentication and Security in European Financial Institutions.”

More from Banking & Finance

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 – could change reporting requirements. Take a look at some of the big-ticket items and what your organization needs to know.…

SEC Proposes New Cybersecurity Rules for Financial Services

Proposed new policies from the Securities and Exchange Commission (SEC) could spell changes for how financial services firms handle cybersecurity. On Feb. 9, the SEC voted to propose cybersecurity risk management policies for registered investment advisers, registered investment companies and business development companies (funds). Next, the proposal will go through a public comment period until May 9.  The Importance of Cybersecurity in Finance The 2021 X-Force Threat Index found that financial services were the most targeted industry. Manufacturing beat out…

Top Security Concerns When Accepting Crypto Payment

From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency. Still, many questions remain. How can you safely enable customers to pay with Bitcoin or other digital currency? What are the security risks that come with cryptocurrency? Let’s…