Stay in Touch
Sign up to our newsletter to stay informed about PCI compliance news, and updates regarding new PCI Booking features.
by PCI Booking – June 5, 2019
When we, as merchants, take a payment from a customer, many factors come together to make it seamless, secure, and fast. But the world of payments, like other business areas, is seeing massive digital transformation. The era of the ‘fintech’ is firmly upon us; structures of payment are rapidly changing to accommodate new ways of selling; customer expectations in a socialized world need to be respected; and, concurrently, cybercrime figures are soaring. To deal with this heady mix, legislation in the form of the second Payment Services Directive (PSD2) has shaken the payments system.
Research by Iovation, found that only 25% of European online merchants are aware of the requirements under PSD2 for more robust and secure customer authentication. This is only one aspect of PSD2 compliance, and with the looming September 14 deadline approaching, now more than ever, merchants need to know what PSD2 is about.
PSD2 is a replacement for the earlier PSD1 framework which came into force in 2007. PSD2 came into effect across the European Union on January 13, 2018. The Payment Service Directive is a legislative framework that is designed to add elements of security and control to financial transactions. However, PSD2 states that the full Regulatory Technical Standards (RTS) will take some 18 months from the March 2018 release date of the RTS. This gives us until 14 September 2019 to ensure we meet the requirements of the legislation.
The planets have aligned in the payment space opening a gap in the existing legislation – the three main drivers for the PSD2 update are:
PSD2 affects bodies that handle payments within the European Union. This extends to an organization that is associated with an EU bank or financial service provider or Fintech player. If you are an online merchant, many of the changes in PSD2 will impact you directly.
Online merchants must comply with the PSD2 regulation, especially in certain areas which we will explore in the next section.
There are three key areas within PSD2 that affect online merchants:
Open Banking/API interfaces, and account access: While PSD2 does not require to open up an interface to banking mandatory, it is strongly encouraged. Consequently, many European banks are creating APIs that allow customers to perform direct payment transactions with merchants. The standards used to create the interface between merchant and bank means that potentially a merchant can become a PISP (Payment Initiation Service Provider) offering cost reductions and faster payments.
Surcharge bans: PSD2 bans certain surcharges. The scope of the ban is specifically focused on B2C and impacts many industries including travel. The ban can also affect B2B payments.
The directive is also designed to protect merchants saying that “neutral definition of acquiring of payment transactions in order to capture not only the traditional acquiring models structured around the use of payment cards, but also different business models, including those where more than one acquirer is involved. This should ensure that merchants receive the same protection, regardless of the payment instrument used, where the activity is the same as the acquiring of card transactions.”
A note on penalties: PSD2 sets out that penalties for noncompliance should be “effective, proportionate and dissuasive”. Ultimately, any fine is at the discretion of the EU state.
All of this can be onerous for the online merchant. However, PCI Booking is an expert in delivering compliance solutions for online merchants, specifically in the travel industry. To support you in your PSD2 needs we will:
PSD2 has been brought in to make sure that online payments remain beneficial to the customer. Benefits of PSD2 include:
PSD2 is an impactful regulation that touches all online merchants who handle payments in the EU. However, it is an important regulation to ensure that customers are protected in a landscape where fraud and cybersecurity are a serious challenge. The merchant that utilizes technology built to make PSD2 achievable, can reap the rewards of protecting their customers and open up opportunities enabled by a more open banking environment.
SPEAK TO PCI BOOKING ABOUT PSD2 SOLUTIONS