PSD3: What financial institutions need to know now

Digital transformation Compliance Banking Payments
In the ever-evolving landscape of financial services, regulatory changes are often the driving force behind innovation and improved customer experiences. The Payment Services Directive (PSD) has been a crucial set of regulations in the European Union (EU) that has helped shape the payments industry. As we look ahead, it's time to turn our attention to the upcoming third directive – PSD3 – and its implications for financial institutions.

What is PSD3?

The Payment Services Directive 3 (PSD3) is the latest iteration of the EU's regulatory framework for payment services. Building upon the foundations laid by PSD1 and PSD2, PSD3 aims to further enhance the security, efficiency, and accessibility of payment services across the EU.
The directive focuses on fostering competition, promoting innovation, and safeguarding consumer rights in an increasingly digital and interconnected financial ecosystem.
"PSD3 introduces new measures to tackle emerging challenges in the payments industry, such as the proliferation of new payment methods, the rise of fintech companies, and the increasing need for strong customer authentication (SCA)."
Additionally, the directive seeks to foster a level playing field for traditional financial institutions and new entrants, ensuring a fair and competitive environment.
“PSD2 has been incredibly successful in stopping fraud and creating a more vibrant ecosystem. PSD3 is a great step forward on that journey to further protect consumers where they need protection, clarify the rules and when they should apply, and ensure new fraud challenges are addressed as well, says Gerhard Oosthuizen, Entersekt's Chief Technology Officer.

What are the differences between PSD2 and PSD3?

While not revolutionary in any way, PSD3 represents a significant evolution from its predecessor, PSD2, with several key differences. Some of the noteworthy distinctions include:

Broader scope

While PSD2’s primary focus was on payment services provided by banks and other traditional financial institutions, PSD3 extends its reach to cover all payment services, including those offered by fintech companies and third-party providers. This move seeks to create a harmonized regulatory framework for all players in the payments landscape.

Enhanced security measures

PSD3 recognizes the pressing need to combat fraud in the ever-evolving digital payments landscape. One of the major goals of PSD3 is to strengthen security standards for payment transactions and reduce the risk of unauthorized access and fraudulent activities.
Under PSD2, the emphasis was already on improving security measures through the implementation of SCA. PSD3 will look at ways to further enhance SCA by requiring the implementation of cutting-edge fraud detection and prevention systems that can analyze transaction patterns, detect anomalies, and trigger security measures in real-time.
PSD3 also emphasizes the importance of customer confidentiality and privacy. FIs will be expected to ensure that customer data is protected and used only for its intended purposes, and not exploited or shared without explicit consent.

Focus on innovation

PSD3 aims to further stimulate innovation in the payments space. The directive encourages collaboration between traditional financial institutions and fintech companies, paving the way for more efficient and customer-centric solutions.
Under the revised directive, financial institutions will also be able to recoup some of the costs of building these solutions. “This is a really good move since it will help ensure these networks and solutions are built appropriately and with the right care to service the customer,” adds Oosthuizen.

Better consumer protection, access, and payment experiences

PSD3 will bolster consumer protection measures by implementing clearer rules on liability in certain cases of fraud, such as payer manipulation and authorized push payment (APP) fraud, and other unauthorized transactions. The goal is to enhance transparency in payment processes and ensure fair outcomes for consumers, while providing clarity around exceptions and when they can be applied to enable better, more adaptive authentication challenges that enhance user experience.
It will also make SCA more accessible to disabled persons and others with difficulties, and provide easier access to cash in shops, without requiring a purchase, while clarifying the rules for independent ATM operators.
Read the European Commission’s fact sheet on PSD3. Click here.

When will PSD3 be mandated?

The exact timeline for the implementation of PSD3 is subject to approval and may vary based on the legislative process. While proposals for PSD3 were published in June this year, it is expected that the European Parliament and the Council will only finalize the directive in the coming months. Once it has been adopted, Member States will have a period of two years to transpose the directive into national law.
This means that financial institutions should anticipate the full implementation of PSD3 within the next three years.

How can financial institutions start preparing for PSD3?

Melanie Ockerse, Entersekt’s Director of Channel Partnerships in Europe, advises that proactive preparation is essential to ensure a smooth transition to PSD3 compliance. Here are some steps she says financial institutions can take to prepare for PSD3:
  • Stay informed: Keep abreast of the latest developments in PSD3 by closely monitoring regulatory updates and industry insights. Engage with industry experts and associations to gain valuable perspectives.
  • Assess current processes: Conduct a comprehensive review of your existing payment services and identify areas that need adjustment or improvement to meet PSD3 requirements.
  • Check technology readiness: Ensure that your technology infrastructure is adaptable and capable of accommodating the changes mandated by PSD3. Invest in robust security measures, advanced authentication methods, and fraud prevention mechanisms – such as Entersekt’s.
  • Collaborate and innovate: Embrace the spirit of collaboration with fintech companies and third-party providers to explore innovative payment solutions. Develop strategic partnerships that can benefit your institution and your customers.
  • Educate employees and customers: Train your staff on the implications of PSD3 and equip them to communicate effectively with customers about upcoming changes. Educate your customers on the enhanced security measures and the benefits they will experience.

In conclusion: Seize the opportunity

PSD3 represents a transformative step in the EU's payments industry, bringing with it increased security, improved consumer protection, and opportunities for innovation. Financial institutions must seize the moment and prepare diligently for its arrival.
“By staying informed, embracing innovation, and implementing the necessary changes, banks and payment providers can navigate the regulatory landscape with confidence and continue to provide exceptional payment services to their customers in the digital era,” says Ockerse.
To this end, Entersekt is already taking steps to ensure that its technology can adapt and scale to the requirements of PSD3 when the time comes. Oosthuizen, reassures: “This is the future. We’ve seen Open Banking be successful, globally, and we’re excited about the prospect it brings for our customers to interact in new ways and derive extra benefits.”

If you’re feeling unsure or unsettled about the imminent changes PSD3 will introduce, we are on standby to help you modernize your authentication and conquer this new challenge – with confidence! Speak with one of our experts today.