PSD2 Requirements: Responding to Key Market Trends

CSR report image

The revised Payment Services Directive (PSD2) is changing the rules of the game for the payment industry. By September 2019 Payment Service Providers (PSPs) in the European Economic Area (EEA) have to comply with the directive’s requirements for strong customer authentication (SCA) and provide third party access to consumer financial accounts or risk losing their payment provider licence.

The two specific changes with PSD2 are:

  • SCA: Applying multi-factor authentication, requiring at least two of the following independent factors of authentication: Knowledge (password, pin), Possession (smartphone or hardware token), or Inherence (fingerprint/facial recognition, behavioral biometrics).
  • Access to the account: The right for Third-Party Payment Service Providers (TPPs) to access the payment account held by the Account Services Payment Service Providers (ASPSP) (ex: banks, credit issuers) with consumer consent.  The TPPs  must provide the same service level as regular online banking.

The new directive is a response to some key market trends. One of these was the arrival of the Application Programming Interface (API) economy, facilitating third-party access to bank accounts. Open banking is a common topic within retail banking and payments. By having an open API this gives the third-party developers access under specified conditions. Companies such as Amazon, Google and PayPal use APIs as part of their core product proposition, and banks have already begun exposing their data for use by third party providers (TPP) through open APIs.

SCA requirements will likely increase consumer friction in the payment process. However, there are multiple options to ensure consumers continue to have a seamless experience while businesses stay in compliance. PSPs can seek exemptions from SCA by employing whitelisting, where a customer designates a business as a trusted beneficiary. A good example of whitelisting is when merchants rely on card-on-file payments.  Merchants can also offer payment options that do not fall under the SCA requirements such as direct debit (for instance subscriptions and utility bills). Though there is a credit risk that the merchant could incur with either of these options, this could be an acceptable trade-off if it helps reduce friction in the customer journey.

To learn more about how PSD2 will impact the payments market worldwide, download the full Aite report iovation, a TransUnion company, developed with research and advisory firm Aite Group.

Download Now

If you’re a consumer with questions or issues related to your personal credit report, drivers history report, disputes, fraud, identity theft, credit report freeze or credit monitoring services, please visit our Customer Enquiries page for assistance.

Contact Us

TransUnion would like to send you original insight, commentary and research on data, software and analytics, early notifications of exclusive events and information about our products and services. If you would like to receive that information, please let us know using the following options:

Business enquiries: If you have a non-sales related query please call us on (+44) 0113 388 4300

Please read our privacy notice , which explains who we are, how we collect and use your personal information and how you can exercise your privacy rights.

We're sorry, your request failed. Please try again in a little while.