PSD3 is the latest iteration of the Payment Services Directive in the European Union (EU).
On 28 June 2023, the European Commission presented its proposals aimed at modernising PSD2 and the broader financial sector through digital transformation. On the same day, the Commission also published proposals for a new Payment Services Regulation (PSR).
One year on, the payments industry is preparing for a new age, and whilst a definite timeline is yet to be announced, one thing is clear: it will shake up the payments experience for merchants operating across the continent.
A short history of PSD
The Payment Services Directive (PSD) was first introduced by the EU in 2007 to standardise payment services across its member states.
It sought to remove obstacles to electronic payments by establishing a common set of rules. Before its implementation, each country had its own payment service rules, leading to fragmented markets and limited cross-border payment options.
PSD has changed things for the better, promoting a unified market and opening the door for new payment providers. The regulation had a positive impact on consumer rights, requiring payment service providers (PSPs) to improve user experience and enhance data security. It also prompted a rise in new use cases, such as contactless and mobile payments, and has been likened to a rising tide that lifted all boats.
PSD2, introduced in January 2018, implemented new measures like Strong Customer Authentication (SCA) for online payments to reduce fraud. It also allowed the newer payments players ushered in by Open Banking, such as payment initiation service providers (PISPs) and account information service providers (AISPs), to operate with customer consent. This laid the foundations for the development of innovative new financial products and services.
Under PSD2, certain types of transactions may not require SCA to be applied. Where transactions meet certain criteria, you, or your acquirer, can request an exemption from the issuer. This typically includes payments below €30, and recurring card transactions.
What’s new with PSD3 – and how will it affect you?
The main driver for PSD3 is the harmonisation of the European payments market, reducing the space for national variations.
To achieve this vision, the PSD2 regulation will be split into two distinct elements. PSD3 will be a directive focusing on PSPs’ operations, setting out stricter rules regarding SCA. While SCA was already one of the core PSD2 requirements, the exact method for validating a transaction changes with PSD3. The directive will be adopted locally by each country. The PSR, meanwhile, has been created to provide an updated overview of banks’ responsibilities, and will automatically become law for all member states.
The creation of the PSR ultimately means the scope of PSD3 will be far greater than that of PSD2. There is a lot to consider, and you should think about partnering with a payments expert to help you navigate the new landscape.
Here are some of the key developments you should be aware of:
- SCA will be reinforced amidst a wider push to strengthen user protection. New rules will be created around data access, payment protection, and authentication of users. In the PSD2 environment, for example, two methods of identification from different categories (knowledge, possession, inherence) have to be used, but under PSD3 two methods from the same category may be used. In addition, the verification process for credit transfers, especially instant payments in euros, will now include an extended IBAN/name-matching verification.
- Accessibility will become more of a priority. SCA will have to be accessible to all consumers, including the elderly, non-tech-savvy consumers, and those living with disabilities. This means banks and PSPs will be required to offer authentication methods that go beyond using a smartphone. For AISPs, banks will apply SCA only for the first access to payment account data, with the AISP then responsible for subsequent data access, unless there are fraud suspicions.
- Exemptions will change. Whilst, for example, subscriptions used to be included in SCA, requiring constant authentication, only the first transaction will require it under PSD3. And mail and telephone orders (MOTO transactions) won’t need SCA anymore, which should benefit sectors like travel and hospitality.
- There will be more requirements for data management. Merchants will have to share more of their data with issuers so they can monitor information like user location, spending habits, transaction history, and device IP. PSPs will also have access to personal data to prevent fraud, without needing explicit consent from their users under the GDPR. PSPs will be allowed to share fraud-related information to enhance transaction monitoring, and indeed be obliged to provide education on payment fraud awareness for their customers and staff, while refund rights will be extended for victims of IBAN/name verification failure, or so-called “spoofing” fraud.
- The competitiveness of Open Banking services will receive a timely boost. PSD3 will require dedicated data access interfaces to be free from obstacles. Additional checks on permissions granted to PISPs and AISPs, and restricting payment initiation only to specific beneficiaries, will no longer be allowed. Instead, banks and PSPs must create a dashboard for Open Banking consumers, which will give them a clearer view of their granted data access rights, including recipients, and provide a withdrawal function for added control.
Finding the right partner to help navigate a new landscape
The full PSD3 and PSR rules are currently under review by the European Parliament and European Council. While we can’t yet be sure of the exact implementation timeline, we do know the final version of the texts will be published later this year or in early 2025.
There is typically then an 18-month transition period granted to organisations to adapt and ensure compliance. So it’s likely PSD3 will enter into force during 2026.
At payabl., we’re closely tracking these developments and will help the merchants we work with to understand, and adapt to, the upcoming changes.
With unrivalled experience in helping merchants navigate the complexity of an evolving payments environment, we’ve established ourselves as a trusted partner that enables ambitious businesses to unlock growth.