PSD3 is coming.
Discover what you need to know.

Open banking exists thanks to a combination of customer demands for more innovative financial services, technological leaps, and favourable regulation. Our explainer will enable you to get a clearer understanding of:

• The open banking story so far
• Why PSD2 was a revolution for EU merchants
• How open banking has changed the payment landscape
• The impact of the June 2023 PSD3 revisions
  

What is PSD3?

PSD3 is an upcoming framework that regulates electronic payments and the banking ecosystem within the European single market. It outlines the rules for authorising and supervising non-bank payment service providers (PSPs). PSD3 is an evolution of PSD2. 

What is PSD2?

PSD2, or the Revised Payment Services Directive, is a European regulation that aims to enhance the security of electronic payment services and promote innovation in the European payments market. 

PSD2 sets rules for access to payment accounts by third-party providers like Brite Payments and seeks to protect consumers while fostering a more integrated and secure payments ecosystem.

What is open banking, and what did PSD2 provide?

Open banking is where account information service providers (AISPs) and payment initiation service providers (PISPs) offer value-added services by accessing user account data from banks and payment account providers. PSD2 provided a regulatory framework for open banking. Banks must facilitate secure access to payments data for AISPs and PISPs. It has helped to make open banking-powered account-to-account payments one of the best methods to pay and get paid across Europe.

What is the Difference Between PSD2 and PSD3?

PSD3 builds upon the progress made by PSD2. PSD3 will introduce new regulations and extend the scope of existing ones to improve both the security and efficiency of electronic payments in the EU.

How does PSD3 Work?

Now we have had the first PSD3 consultation. it is a proposed directive and details about the operation of PSD3 have yet to be fully available, like its predecessor. It will likely establish rules for the authorisation and supervision of payment institutions. The aim is to enhance security, transparency, and competition in the payments industry.

What changes are happening to open banking?

The PSD3 changes to open banking aim to improve its functioning without causing market disruption or increased implementation costs. These changes include new requirements for dedicated data access interfaces and a list of prohibited obstacles to data access. 

Banks will no longer need to permanently maintain (unless where exempted) two data access interfaces (a dedicated one and its “fall-back”). Additionally, banks and other payment account providers must implement a consumer “dashboard” to allow users to manage data access rights and withdraw access.

How does PSD3 impact banks and financial institutions?

PSD3 will likely significantly impact banks and other financial institutions, particularly those operating in the EU. It could introduce new compliance requirements, impact business models, and create opportunities for innovation and competition. For example, connected to the arrival of PSD3 for payments providers is another piece of legislation: CESOP.

Why is PSD3 Coming?

As payment service providers continuously develop their products and digital transformation transforms the payment landscape, the European Commission must update the rules to enhance security and foster innovation.

These rules will further improve consumer protection and competition in electronic payments and empower consumers to share their data securely to get a broader range of better and cheaper financial products and services.

PSD3 will ensure consumers can continue to safely and securely make electronic payments and transactions in the EU, domestically or cross-border, in euro and non-euro.

What are the main changes that PSD3 proposes?

These amendments bring about meaningful changes to the EU payments framework without completely overturning it. 

PSD3 will enhance the efficiency and security of EU payment markets by:

1. Strengthening measures to combat payment fraud.
2. Granting non-bank PSPs access to all EU payment systems while implementing necessary safeguards and ensuring their right to hold a bank account.
3. Enhancing the functionality of open banking. Specifically, data interfaces, removing barriers to open banking services – giving consumers more control over their data access permissions.
4. Empowering national competent authorities with more robust enforcement powers and facilitating the implementation of clarified rules.
5. Further improving consumer information and rights.
6. Enhancing the availability of cash.
7. Consolidating the legal frameworks governing electronic money and payment services.

These amendments aim to optimise the EU payment landscape, improving security, accessibility, and transparency for all stakeholders involved.

How will PSD3 make payments safer?

PSD2 made payments safer for payers by introducing strong customer authentication (SCA), which involves at least a two-phase authentication of a payer’s identity. However, PSD3 will go one step further in making payments safer and more efficient.

Key points of the PSD3 proposal to make payments safer:

1. The Commission proposes a new service which identifies and signals to the payer before the completion of a payment order of discrepancies between the name and unique identifier of a payee. Instant credit transfers must now verify if the name and IBAN match.
2. Exemptions for certain types of transactions, such as merchant-initiated transactions, which include safeguards to prevent fraud.
3. Explicit linking of the specific amount and payee to be authenticated for remote payments.
4. Simplified application of SCA for payment account information services. Banks should apply SCA only for initial access to payment account data and subsequent data accesses managed by account information service providers.
5. Enhanced use of digital passthrough wallets, requiring SCA at the moment of payment instrument enrollment to strengthen security.
6. Accessibility of SCA methods tailored to individual needs, ensuring a diverse range of technologies and devices for authentication.

These changes will further enhance payment security and protect payers from fraud.

Will PSD3 apply to all types of electronic payments in the EU?

It will likely apply broadly across the EU’s payments landscape, similar to PSD2.

How can businesses comply with PSD3 regulations?

Compliance strategies will depend on the final details of the PSD3 regulations. Businesses should monitor developments closely, seek advice from legal and compliance experts, and prepare to adapt their operations and business models accordingly. If you are a merchant and use a PSP, the PSP will be required to stay compliant with any new regulations, not you as a merchant. Don’t be afraid to ask questions to your PSP once PSD3 becomes law about what they are doing to ensure compliance.

When will PSD3 arrive?

We don’t know for sure. But if we can learn anything from history, it took PSD2 three years to go from a proposal to law in 2018. Therefore, we expect that the PSD3 revisions released in June 2023 will likely turn into EU law in 2026. From that point onwards, companies will have another two years to comply with PSD3.

Is Brite Payments compliant with PSD3?

When PSD3 comes into law, Brite Payments will be compliant. As a payment service provider, Brite guarantees that merchants always utilise a payment method that complies with the latest technology and regulatory standards.