Introduction

The Payments Services Directive (PSD) is a regulation that aims to modernize the European payments market. It was introduced to enhance consumer protection, promote competition, and foster innovation in the payments industry. PSD2, the second iteration of the directive, came into effect in 2018, bringing significant changes to the way payments are made in Europe. The European Commission concluded that PSD2 is overall successful since its introduction brought significant changes like reduced fraud, enhanced security, boosted innovation, and led to the successful emergence of open banking. 

Payments Services Directive

PSD3 and PSR are new proposals from the European Commission to further streamline payment solutions and strengthen the foundation of governance, risk and compliance (GRC) laid by earlier PSDs. They will significantly impact banks, FinTechs, payment service providers, and customers, both from a legal and operational perspective. 

PSD3 seeks to enhance competition in the payments sector while defending the rights of customers and their personal data. The focus of PSD3 will primarily be on licensing and the operation of service providers, hence creating a level playing field for non-bank payment suppliers. At the same time, consumer protection and security of transactions will be strengthened, hence aligning the sector with ongoing digital transformations and their associated risks and opportunities.

PSR, on the other hand, seeks to enhance consumer protection, an area where uniformity of regulations is essential. PSR, once ratified and put into effect, will directly affect all EU member states.

Key Trends

PSD3 is set to introduce several key revisions to the European payments landscape. They include:

Enhancing consumer rights and data security

There has been remarkable growth in the payments sector, and the rise in direct payment methods, fueled by the convenience they offer, has also led to the emergence of increasingly sophisticated fraud mechanisms. It is essential to strengthen user data and introduce a range of measures between banks and Payment Service Providers (PSPs). A few key requirements such as Strong Customer Authentication (SCA) allow PSPs to exchange fraud-related information, introduce International Bank Account Number (IBAN)/name matching, establish fraud monitoring, potentially upgrade infrastructure, and implement improvements around consumer rights to enhance overall transparency and extend the right to refunds in case of fraud. PSPs also need to run educational campaigns and training for their employees and customers for awareness and to prevent fraud risks.

Encourage competitiveness of open banking

PSD3 allows payment data to be securely exchanged between banks and PSPs (like payment providers, lenders, and insurance companies), based on the consumers’ requests and consent. While open banking was one of the main features of PSD2, with PSD3, users will have better control of their financial details and clear insights into the access granted to PSPs. Users, via dashboards, will be able to withdraw data access to any PSP at any given time. These measures also concern investment and insurance, which are important for the Financial Data Access (FIDA) regulatory proposal.

Further level the playing field between banks and non-banks

Non-bank PSPs are highly dependent on banks for payment services. With new directives, non-bank payment institutions will have less dependency on banks and can offer direct services to their customers. This will not only increase healthy competition in the payments industry but also result in new and better products and services in the market. Market players will now need to focus on customer experience and low costs to ensure acquisition and retention.

Boost the availability of cash

PSD3 enables merchants to offer cash services in shops and via ATMs. Major retail outlets in Europe accept debit cards for purchases and provide cash to customers as well.

Strengthened enforcement and unified implementation

While PSD3 remains a directive, with the focus primarily on licensing and operating PSPs, it will continue to be incorporated into local legislation. However, what was previously under PSD2 is now moved to PSR, which will cover most banks’ responsibilities. This will increase harmonization, and with uniform enforcement, promote competition between banks and PSPs that may have benefited from varying approaches across member states where they operate. Further, the proposal also suggests strengthening the penalty provisions and merging the e-money framework into PSD3 and PSR.

Although PSD3 and the PSR are major changes, Instant Payments Regulation (IPR) and Financial Data Access (FIDA) are being introduced in parallel. Also, the Digital Operational Resilience Act (DORA) will be applicable in early 2025 and needs a range of cybersecurity and organizational changes to meet its requirements. There will be strategic benefits in taking a holistic approach while implementing these regulatory changes.

Timeline for PSD3 / PSR Compliance

The timeline for the introduction of PSD3 is still being reviewed by the European Parliament and Council. The exact timelines are not yet known, but final versions may become available by mid-2025. The EU’s member states are usually granted an 18-month transition period, translating to PSD3 becoming applicable during 2026/2027.


Opportunities and Considerations for Financial Organizations in the Face of PSD3

The upcoming changes translate to both opportunities and challenges for financial institutions. Here are the main aspects to consider while implementing PSD3/PSR:

Level Playing Field


PSD3 addresses the need for a level playing field between non-bank payment providers and traditional banks. It grants payment and e-money institutions the right to access settlement infrastructures across the EU directly, which banks can leverage to enhance their services. Banks can extend their cooperation to FinTechs, leading to a broader market approach. Using this opportunity for growth requires investments in technical infrastructure and organizational changes.


Enhanced Security and Fraud Prevention


Even with SCA in action, fraud remains a critical concern. In 2023, nearly 60% of banks, credit unions, and FinTechs lost over EUR 500K in direct fraud losses. PSD3 aims at enhancing payment security and transparency by adopting validation measures like the ‘confirmation of payee,’ which is used in the United Kingdom. This name-checking service assures that money is sent only to the intended recipient. Other improvements include a liability model for cases of Authorized Push Payment (APP) fraud and transaction monitoring to facilitate SCA.

Banks can leverage these security enhancements to build trust with their customers by providing secure financial transactions. With more investment in security and transaction monitoring (due to PSD3), banks will be able to achieve lower transactional risks and, therefore, lower potential losses due to fraud.


Open Banking Evolution


PSD3 enhances consumer access and usability in open banking. The performance and availability of applications will be improved through detailed API specifications like a permissions dashboard. Banks can benefit from wider data access (under FIDA) and cross-border innovation.

Banks can integrate account information services into their processes such as credit scoring based on a customer’s payment history, with opportunities to capture the market share through innovative customer-centric solutions, personalization, and a wide range of services.


How can LTIMindtree support the implementation of PSD3?

LTIMindtree is a prominent strategic partner to global and regional banks, card networks, FinTechs, service providers, and regulators. With banking and financial services being our largest practice, we possess extensive expertise in core modernization and financial wellness. This includes risk, compliance, and regulatory reporting about security, API implementations, and secure infrastructure development. 

Through LTIMindtree’s intelligent payments framework, we bring deep expertise and conduct in-depth assessments to determine an organization’s level of compliance and identify gaps in current security measures and API implementations. Based on the outcomes, we initiate a remediation plan and implementation strategy to strengthen the overall security posture. 

Leveraging these capabilities and experience, comprehensive support can be provided in the implementation of PSD3 and PSR at all stages including:

  • Embedding security measures and compliance controls in the overall system.
  • Security compliance, from designing of controls to implementation, along with attestation.
  • Assisting with risk and compliance management.
  • Supporting policy/process formulation and back-end documentation support for presentation to regulatory authorities.
  • Assessing gaps in risks and ascertaining the compliance posture of organizations from a security perspective.

LTIMindtree has successfully implemented PSD2 compliance for a large European financial institution. This organization was the first to implement and process 100% of its transactions in adherence with PSD2 compliance. Just after this engagement, there were 1,218,984 approvals and 684,457 rejections of transactions in the PSD2 SCA category.

Conclusion

In conclusion, PSD3 introduces significant advancements to the payment services landscape, particularly through FIDA, which expands access to non-payment data. PSD3 is designed to keep pace with rapid technological advancements while enhancing consumer protection. By fostering open banking and encouraging competition, it aims to drive innovation and create a more dynamic payments market. Additionally, by simplifying cross-border transactions, PSD3 contributes to the development of a more integrated and efficient market across Europe. Succinctly put, PSD3 empowers consumers by providing more options, security, and transparency in managing their financial activities.

Authors

 
Swati Jain

Technical Project Manager at LTIMindtree

