PSD2 helped drive electronic payment and data-sharing volumes while enhancing security.
So why is the EU proposing to enhance it with the new Payment Services Directive 3 (PSD3) and Payment Services Regulations (PSR) package, and what does this entail?
1) Gaps in the regulatory application of PSD2. The new framework will create a consistent regulatory environment with mandated APIs. PSD2, in large parts, will be amended and replaced with the PSR. There will also be a strengthening of enforcement rules, licensing and penalties.
2) The need for a level playing field for non-bank payment providers and banks. Inconsistent application put payment providers at a disadvantage, depending on where they operate. PSD3 will also go further in giving payment and e-money institutions the right to directly access settlement infrastructures across the EU.
3) The emerging fraud landscape. Even with strong customer authentication (SCA), fraud remains a significant and evolving threat that poses the risk of consumers losing confidence in payments. PSD3 aims to enhance payment transparency and security by introducing:
- Validation similar to the ‘confirmation of payee’ used in the UK;
- A liability model for cases of authorised push payment (APP) fraud; and
- Transaction monitoring to facilitate the application of SCA.
Access to cash remains a priority—transparent ATM charges and allowing customers to withdraw cash in shops without having to make a purchase are two additional proposals.
4) Evolution of the Open Banking standards / functionality with an emphasis on enhancing consumer access and useability. More detailed API specifications (e.g. for a permissions dashboard), with clear standards, will increase both performance and availability. This standard aims to drive cross-border innovation and services and even extends to wider access to data with the Financial Data Access (FIDA) regulation as part of the overall regulatory package. FIDA is a framework that governs access to and use of customer data; there will be a new scheme for data holders to comply with.
These proposals will be reviewed by the European Council and Parliament, with application likely to happen from 2026. Yet their impact will soon be felt by all types of financial and payment institutions.
So what are the expected industry impacts?
Just like PSD2, this is a transformative piece of legislation that will affect the entire payments ecosystem. However, the scale of change and the opportunities will differ greatly among banks, payment service providers and technology service providers.
For banks: The obvious impact will be on significant cross-functional investment (e.g. across IT, Operations, Security, Risk, Compliance, etc.) that will intensify existing cost pressures. However, this should be seen as an investment with three goals: to comply, to protect their existing customer bases, and to seek opportunities to capture market share. All three will be supported by PSD3’s greater access to data (driving new propositions and revenue) and enhanced security, which will increase competition. Banks are already in a strong position with their existing relationship with customers. The potential upside lies in strengthening this and capturing new relationships, while the downside is the prospect of losing it altogether.
Commercially, there is even another incentive: the offset of investment costs by lower fraud reimbursements. Overall, therefore, a proactive cost / benefit analysis and operating model readiness for PSD3 is a surefire way to prepare for the opportunities it presents.
For PSPs: The investment case still needs to be made, but clearly the opportunity size is greater. Increased customer confidence and access / transparency with dashboards will bring new customers to existing API-enabled propositions. Also, similarly, with other financial institutions, standardized rules and name checks hold the potential to reduce operational costs and fraud-related payouts. Supporting this, cross-EU market barriers have been lowered with consistent application of PSD3 across member states. This has opened up new markets. Innovative and targeted product development by PSPs can exploit this expanded market reach.
For technology service providers: We only need look at the opportunities for banks to recognize that the same is true for TSPs. With fraud mitigation being a key part of PSD3, TSPs stand to benefit from investment in robust fraud prevention solutions. There is also the need for newer areas of technology and services: from API standardisation to name checks, data access interfaces and dashboards. TSPs will do well to focus on new product development and support for and/or partnerships with banks.
Accenture has extensive experience across payments, Open Banking and regulatory change. If you would like to discuss how we could support you as you enter this important next phase of payments and Open Banking, please reach out to me at firstname.lastname@example.org.
Read our latest thinking on commercial payments in “Reinventing commercial payments for profitable growth.”