What you need to know about PSD3
2 November 2023

What you need to know about PSD3

2 November 2023

In the ever-evolving landscape of financial services, staying up to date with regulatory changes is crucial, especially when it comes to payment services. The Payment Services Directive (PSD2) has been a game-changer, introducing Strong Customer Authentication (SCA) and promoting open banking. 

What is PSD3?

Now, as the European Commission proposes to replace PSD2 with PSD3 and introduce the Payment Services Regulation (PSR1), it's essential to understand the implications for financial institutions, particularly banks, and how innovative solutions like passwordless authentication can help.

PSD2 becomes PSR1

The most significant change introduced by PSD3 is the transition from a directive to a regulation. This means that most of the payment rules from PSD2 will fall under the Payment Services Regulation 1 (PSR1). Unlike directives, which can be interpreted differently by each EU country, regulations apply uniformly across all member states. This shift will lead to a more harmonized payments market with fewer differences and inequalities between countries. 

In addition to PSR1, PSD3 will focus specifically on licensing and authorization for payment and e-money institutions.

What are the key changes under PSD3?

The changes aim to address the gaps and shortcomings identified in the previous version, PSD2. By modernizing payment services and opening up financial services data, PSD3 and PSR1 strive to ensure improved consumer protection, foster competition, enhance security, and build trust within the industry. The proposal seeks to streamline and standardize payments across the EU, making transactions more efficient and secure.

  • Merging E-Money and Payment Institutions 

One of the significant updates introduced by PSD3 is the merger of e-money institutions and payment institutions, simplifying the licensing process and promoting a more efficient and competitive market. This consolidation aims to streamline operations and provide a more comprehensive regulatory framework for these institutions.

  • Enhanced Fraud Protection Measures

PSD3 proposes an implementation of a risk-based approach to fraud prevention, leveraging technologies such as IBAN and name matching. This measure aims to enhance security and protect consumers from fraudulent activities, ensuring a safer payment ecosystem.

  • Clarifying Strong Customer Authentication (SCA) Requirements

PSD3 seeks to clarify and refine the requirements for Strong Customer Authentication, which aims to strengthen the security of online payments. By setting clear guidelines, PSD3 aims to strike a balance between security measures and user convenience, ensuring smooth and secure transactions.

  • Transparency Reforms

Transparency is a cornerstone of the proposed changes. PSD3 aims to introduce transparency reforms that empower consumers with greater visibility into their payment transactions, fees, and charges. This transparency fosters trust and enables customers to make informed decisions.

  • Improved Access to Bank Account Services

PSD3 aims to enhance access to bank account services for payment institutions, promoting competition and innovation. By facilitating access to account information and payment initiation services, PSD3 aims to create a more dynamic and open financial ecosystem.

The proposed changes from PSD2 to PSD3, accompanied by PSR1, reflect the European Commission's commitment to modernizing payment services, improving consumer protection, and fostering innovation. The introduction of PSD3 will bring about significant advancements in the efficiency, security, and transparency of payments within the European Union. It is an important step towards shaping the future of the financial sector and ensuring a seamless and secure payment experience for all stakeholders involved.

Future-proof payments

The evaluation of PSD2 revealed that Strong Customer Authentication had a significant impact on reducing fraud, a clear win in bolstering the payment ecosystem's security. However, as fraudsters adapt, regulatory measures must follow suit.

In our next blog, we’ll be looking closely at the evaluation of Strong Customer Authentication as well as proposed amendments to SCA under PSR1.

Get In Touch

Find out how our private-by-design MFA can help your organization prevent ATOs, improve UX, and protect your bottom line.