Initial features of the PSD3 regulation, intended to replace PSD2

Initial features of the PSD3 regulation, intended to replace PSD2

The first features of the PSD3 regulation, which is intended to replace PSD2, aim to bring payments and the financial sector into the digital age. In 2018, the second Payment Services Directive (PSD2) was implemented.

After five years of application, the European Commission has concluded that certain aspects could be improved. Therefore, in June 2023, they presented a new proposal to modify and modernize PSD2, aiming to propel payments and the financial sector into the digital era.

PSD3 regulation vs. PSD2 regulation: differences between them

The PSD marked a significant advancement in the entire financial sector, contributing to the development of a single payment market in the European Union, in fact, the PSD2 directive and its inplication on marketplaces seeks to increase the security of online payment transactions.

In this regard, PSD2 sought to deepen and enhance the fulfillment of this objective by introducing measures such as:

Firstly, new security requirements were introduced, known as Strong Customer Authentication (SCA). This mechanism mandates the use of two authentication factors in banking operations, including payments and online account access through apps.

As an example, when a user makes an online purchase exceeding fifty euros, it is no longer sufficient to input the card number and CVV; a valid second authentication factor, such as using a mobile phone to validate the purchase, is required.

Secondly, PSD2 demanded that banks open up their payment services to third parties, commonly known as Third-Party Payment Service Providers (TPPs).

It also began regulating two popular service categories: Payment Initiation Services (PIS) and Account Information Services (AIS).

PSD3 Regulation: key elements

After the European Commission published the draft of the new PSD3 regulation, the first measures have not been long in coming. One of its noteworthy measures is the establishment of a Payment Services Regulation (PSR), where measures with direct application in the territories of Member States will be set. These include:

• Combating and mitigating fraud in payments, enabling payment service providers to share fraud-related information to increase consumer awareness and strengthen customer authentication rules. There is a particular emphasis on making IBAN numbers with account names mandatory for all credit transfers.
• Improving consumer rights by enhancing transparency in their account statements and providing clearer information about fees at ATMs.
• Continuing to level the playing field between banks and non-banking entities.
• Enhancing the operation of open banking.
• Improving the availability of cash in stores and through ATMs, allowing retailers to offer cash services to customers without the need for a purchase and clarifying rules for independent ATM operators.

It is important to note that these are some initial proposals. During the directive’s development, these proposals may be expanded or removed, providing a preliminary insight into the European Commission’s main objectives.

Enactment of the PSD3 Regulation

Despite the initiation of PSD3 regulation, the relevant directive has not yet been approved. Therefore, it is still necessary to wait for these new measures to be implemented in Europe. As a directive, it should be remembered that these must be transposed by states at the national and regional levels after an adaptation period set by the European Commission.

Interestingly, despite Brexit, the United Kingdom also adopted all measures included in PSD2, raising the possibility of their adherence to these measures on this occasion as well.

At Letslaw we have a team of digital lawyers, so we will be able to help you in all the aspects you need.