We polled our Twitter audiences to see what they knew about PSD2. Results were mixed!
As payment developers and API programmers, you face pressure to meet today’s consumer expectations to offer digital payment solutions. It is also critical to understand all the current rules that govern the use of your application or software in a geographical area.
For example, the Payment Services Directive (PSD) has a significant impact on all payment developers in the European Union (EU). This EU regulation has yet to reach other parts of the world, but the revolutionary changes it brings may signal similar legislation elsewhere, wherever consumers want digital payment solutions.
The latest version of the regulation, known as Revised Payment Services Directive (PSD2), has launched to address the online payment process. If you are not already familiar with this new directive, now is the time to understand the changes and the impact they have on payment processes and platforms.
While the common response to these changes has been an ad-hoc approach to plugging in solutions to address the requirements, this latest directive may call for a more dramatic makeover to digital payment platforms.
Let’s cover PSD2, its purpose, and the identifiable challenges and opportunities that result from this regulatory environment.
What is PSD2?
The European Union created PSD2 as the second Payment Services Directive to transform the payments industry so that it aligns with the digital environment that consumers and businesses use. EU organizations had to adopt new regulations by the end of 2018.
As a set of standards, PSD2 establishes guidelines for how to pay and accept payments online. It also determines the process for sharing and viewing information related to the online payment process.
Key Changes Since PSD1
The key changes from the first directive include access to bank information. Before the new directive, banks had a monopoly on their users’ data. With PSD2, merchants like Amazon can get bank account data from a user’s bank with their permission. This allows a more direct payment process rather than having to bring in another party like PayPal or a credit card provider.
Also, consumers can allow Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs) to put all their different account information in one place. From there, they can get a dashboard view of all accounts or make payments from multiple banks within one platform. This drives greater control and convenience for consumers.
Another change involves stronger identity checks for online purchases. All the changes together create an online payment environment that gives consumers more payment choices, protection, and control.
A Challenge for Developers: Strong Customer Authentication
While organizations should have already enacted PSD2, one part of the process involves more time. By September 2019, developers should address the challenge of enacting strong customer authentication (SCA).
PSD2 defines these transactions as including account access through computers (desktops and laptops) and mobile devices (smartphones and tablets). Strong customer authentication is also necessary for the actual payment authentication process.
Each of these transactions must be authenticated using at least two of three authentication methods. Many methods can fulfill this requirement.
First, there can be two devices where one is running the banking/merchant application and the other is providing the authentication. This scenario includes hardware tokens and U2F devices as authentication devices. It would also be possible to have a mobile device and a laptop where the laptop is running the banking/merchant application and the mobile device is providing authentication. However, the challenge here is to be able to have dynamic linking of payment/merchant information sent back to that authentication device.
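Dynamic linking means the authentication code is bound to the specific amount and payee, so a code approved for one payment cannot authorize a different one. The sketch below is an added example, not Worldpay code: it assumes a symmetric key shared between the authentication device and the server at enrollment, two-decimal currencies, and hypothetical function names, field names and payee value. Real deployments often use a device-held private key and signatures instead of HMAC.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal

def canonical(amount, currency, payee, nonce):
    """Serialize the fields the code is bound to, unambiguously."""
    # Normalise the amount so "149.9" and "149.90" produce the same bytes.
    fields = [f"{Decimal(amount):.2f}", currency.upper(), payee.strip(), nonce]
    # Length-prefix each field so adjacent fields cannot be shifted into each other.
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)

def new_challenge(amount, currency, payee):
    """Server side: payment details pushed to the authentication device."""
    return {"amount": amount, "currency": currency, "payee": payee,
            "nonce": secrets.token_hex(16)}

def device_sign(device_key, challenge):
    """Device side: called only after the user has seen and approved amount and payee."""
    msg = canonical(challenge["amount"], challenge["currency"],
                    challenge["payee"], challenge["nonce"])
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()

def server_verify(device_key, executed, nonce, code, used_nonces):
    """Server side: recompute over the payment that is about to be executed."""
    if nonce in used_nonces:          # a code is valid for one payment only
        return False
    msg = canonical(executed["amount"], executed["currency"], executed["payee"], nonce)
    expected = hmac.new(device_key, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, code):
        return False
    used_nonces.add(nonce)
    return True

def demo():
    key, used = secrets.token_bytes(32), set()   # constructed sample key
    ch = new_challenge("149.90", "EUR", "Example Shop GmbH")  # constructed payment
    code = device_sign(key, ch)
    swapped_payee = server_verify(key, dict(ch, payee="Other Ltd"), ch["nonce"], code, used)
    raised_amount = server_verify(key, dict(ch, amount="1499.00"), ch["nonce"], code, used)
    genuine = server_verify(key, ch, ch["nonce"], code, used)
    replayed = server_verify(key, ch, ch["nonce"], code, used)
    return swapped_payee, raised_amount, genuine, replayed

if __name__ == "__main__":
    print(demo())
```

The server verifies against the payment it is about to execute, not the one it originally displayed, so any change to amount or payee after approval is rejected.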
It is also possible to use two apps and one device. This scenario would involve a single device, such as a smartphone, which would have the banking/merchant app and an authentication app like Google Authenticator or a specialty-built authentication app.
Another scenario is to use one app and one device. With this scenario, there would be a mobile banking app that also provides authentication capability and that you access through a smartphone.
The last scenario is Out-of-Band (OOB) Authentication. An SMS is sent to a mobile phone number that a SIM card has secured. In this case, the mobile device would serve as the second factor. Consumers know and trust this method already because it is easy and convenient.
However, the question is: How do institutions provide a frictionless experience when SCA can create friction?
Opportunities with Machine Learning and Artificial Intelligence
One answer is machine learning, which can address the dual needs of increased security and a better customer experience. PSD2 allows for SCA exemptions for Payment Service Providers (PSPs) that have incorporated machine learning or another type of analytics. Both types of tools have reduced fraud rates.
Machine learning platforms combine artificial intelligence technology and risk management tools designed for fraud detection. The advanced analytics platforms and tools can develop and manage high volumes of behavioral data entity profiles and then continue to learn as they collect more data.
The platforms can also make real-time, informed decisions from the available data. In this way, they can keep customer accounts secure from data breaches and account takeovers. Because of the speed that this machine learning capability delivers in terms of decision-making, there is minimal friction in the payment process. With fast, yet highly secure, transactions, customers enjoy their experience much more than the earlier process.
PSD2 is now in use. Legacy systems no longer work in terms of security or customer experience. Rather than suffering with the same issues as many banks and other payment service providers, take the emergence of new regulations like PSD2 as a signal that it is time to invest in developing new payment platforms with this recent technology.
However, through the ability to provide additional financial services, reduced fees, and enhanced customer experiences, you’ll be able to reach, engage, and retain more customers while raising security levels and maintaining compliance.
If you are ready to learn more and enact a comprehensive change to your digital payment platform, please download Worldpay’s PSD2 eBook. It supplies a wealth of information on the benefits and process of addressing all PSD2 requirements.