PSD3 is well intentioned, but can it work?

On 28 June, the European Commission published plans for its third payment services directive (PSD3), the successor to 2018’s PSD2.

PSD3 is well intentioned, but can it work?

While these plans seem sound enough, questions remain over both the efficacy of the measures intended and, more than anything, market appetite for some of them.

The meat of the EU proposal focuses on fighting fraud, improving consumer rights, enabling access to banking services for non-banks and driving the further development of Open Banking.

There’s also an interesting nugget about guaranteeing the right to access cash, something some member states (Sweden and Norway) and non-member players such as the UK and Switzerland have already written into law.

So far, so good: the proposals look sensible, especially at a time when both fraud attempts – and overall losses – are spiralling.

“Although fraud rates remain low, losses are rising fast as digital commerce volumes explode.”

Even though the percentage of fraudulent transactions may not have increased much, digital transactions are increasing so fast – by more than a third in the last five years – that losses in the online channel are rising unsustainably.

According to research from Signifyd, losses in some fraud categories rose by 100% between 2020 and 2021 – after PSD2’s provisions had been implemented.

What’s more, Signifyd’s work shows that PSD2 introduced unwelcome levels of customer friction into the transaction process.

Part of the problem is that PSD2 brought in a fixed measure – strong authentication – to combat a nimble, protean adversary: the criminal fraternity.

Fraud changes more quickly than we can fight it in the digital environment.

Against this background, the EU now looks to be doubling down on its commitment to strong customer authentication (SCA).

Unless this commitment takes the form of a manageable digital ID solution and/or an easy-to-use biometric solution, it’s hard to see how more SCA can help if it means more friction.

While PSD2 has probably helped reduce fraud, the requirement that all online transactions over €30 should either be able to prove exempt status or face escalated authentication has proven unpopular with merchants and issuers alike.

Exactly what the Commission intends here will become clearer over the next two years: but more consumer friction cannot be part of the answer.

“The Commission’s commitment to widening access for non-bank players is curious – big tech faces far less regulation than banks.”

There are other concerns, too, when it comes to the Commission’s plans for Open Banking.

Private client research undertaken by our researchers at Payments Cards & Mobile reveals the implementation of Open Banking across the EU to have been wildly uneven so far, with markets such as the Nordics and Poland surging ahead, while others have yet to implement a single open API standard or show much consumer or bank appetite for Open Banking.

In that regard – and at a time when banks are struggling to remain profitable – the Commission’s commitment to widening access to the banking market for non-bank players is curious.

Many European banks have gone on record to say that they cannot compete with the big “tech pays” which remain subject to far fewer regulatory hurdles than they face, so why the Commission feels non-bank actors need more help is anyone’s guess.

Industry has made welcoming noises regarding the EC’s proposals.

Tom Burton from GoCardless has praised what he called “an improved version” of PSD2 “taking shape”, while noting that “today marks the start of a long political process.”

Meanwhile Todd Clyde, CEO of Token.io, said, “We welcome the European Commission’s statement that banks and TPPs are free to establish commercial arrangements for ‘premium’ APIs, through which enhanced functionality and value-added services beyond those required under regulation can be provided.”

Payments Cards & Mobile Says:

Forward-thinking, strategic regulations such as PSD3 and its successors are vital to the healthy functioning of any financial system.

That said, the implementation of PSD2 can hardly be described as trouble-free and, when it comes to Open Banking, appears less successful in terms of adoption than might have been hoped.

Visions and plans for PSD3 are great – but without meaningful implementation, they aren’t a lot of use.

For all that PSD2 represented a leap forward in terms of transaction security, the focus must now be on developing Open Banking services in the interests of consumers and the often-neglected SME sector.

We will continue to follow developments with interest.