PSD2 - the basics: what is the new directive really about?
At the beginning of this year, PSD2 came into effect. It has been practically impossible to avoid hearing about this new directive - it has been plastered all over blogs and news media for a while now. But do you really know what it is all about?
Why do we need PSD2?
This is a question that a lot of people wants an answer to - what’s the purpose of this new payments directive? Don’t we already have one? Yes, we do. But PSD1, as the first version is called, is simply outdated. It came into effect back in 2007, and quite frankly the world has changed a lot since.
First of all, technological advances have pushed the payment industry forward. We’re seeing entirely new payment methods and entirely new business models - and these need to be regulated. For example, what kind of rules apply to mobile payments? And how are new businesses like Moneybox and Amazon Dash buttons regulated? These are the type of questions that PSD2 aims at answering. The new directive specifies which existing legislation the new payments and businesses are subject to, or states new rules that apply specifically to these new market players.
Secondly, PSD1 had some shortcomings. Some parts of it were a bit ambiguous, others contained loopholes. In order to clarify these misunderstandings and to close any gaps, there might be, PSD2 was proposed. That is, PSD2 is not a complete redo of PSD1, it is simply a more specific, complete, and comprehensive version.
These new fixes all aimed at one of two things; increasing consumer protection or establishing equal terms for competition. In PSD2, a lot of measures are taken to reduce risk and secure clear guidelines in a way that makes legislation more transparent. Consumers know what they can expect from businesses, and businesses know what they can expect from banks, PSPs, and other businesses.
What is PSD2?
So what is PSD2 really about? Well, the second Payments Service Directive from EU has the purpose of regulating the payments industry across the entire EU. When it came into effect, it repealed PSD1. The directive is split into 12 sections, called mandates. Each of these mandates regulates a specific area. A mandate consists of either a set of guidelines or regulatory technical standards, both of which regulate the area at hand. However, despite PSD2 coming into effect as of January 2018, not all mandates have been implemented yet. Here’s a timeline for a better overview:
It is still unclear when the last three mandates will come into effect. These mandates are:
- Regulatory Technical Standards on home-host cooperation
- Regulatory Technical Standards on European Banking Authority register
- Regulatory Technical Standards on central contact points
You may think that this is a lot to take in - but don’t worry. As an owner of an online store, there’s not that much to account for. Most of the PSD2 rules are directed at payment service providers such as banks, gateways, and acquirers. For online store owners, only three topics will affect you:
- Ban on surcharging
- Requirements for Strong Customer Authentication
- New business opportunities (PISPs and AISPs)
Each of these will be elaborated on in later blog posts - so stay tuned if you want to know what you need to do, in order to comply with the new legislation.