Open banking: will PSD3 change everything?

The revised Payment Services Directive, commonly referred to as PSD2, was first introduced in the European Union (EU) in 2016. This legislation had the broad goal of modernising banking operations while facilitating the creation of a single digital market in the EU. 

Consumers are often seen as the primary beneficiaries of the PSD2, but with it came more competitiveness in the financial services market, tailored services, products and quicker payments. In a nutshell, here are the three main benefits that were introduced by the revised Payment Services Directive: 

1. Increased consumer rights

2. Improved security 

3. Permission for regulated third parties to access payment account information

How does the PSD2 work?

There is a lot of freedom in how each Member State of the European Union adopts and implements the PSD2 regulations under their own laws. Banks and other financial institutions are required to provide APIs (Application Programming Interfaces) for regulated and licensed external service providers that we know as third-party providers. 

These providers can then use those APIs to offer a variety of account information and payment services. These can range from personal finance management apps to software designed to help e-commerce with direct PSD2-compliant payments. 

What is PSD3?

The new revision of the Payment Services Directive will probably be drafted by the European Commission (EC) after this ongoing round of consultations. The aim is to regulate electronic payments and the banking ecosystem as a whole in the European Economic Area (EEA).

We are still in a very early stage of this consultation phase, so the PSD3 should not come into full effect before 2026, at the earliest. 

Most likely, the PSD3 will improve some key elements of the present regulation, deepening the focus on security, consumer rights and the value of services and products offered in the current financial landscape.

PSD3: is it already necessary?

Although we can all benefit from this regulation through the quality of products and services it promotes, the European Union is already pushing for consultation regarding improvements to the current version of the document. 

This process began in May 2022, and there is already a fair amount of speculation about what the new revision of the Payment Services Directive will bring to the table. Most importantly, the financial markets are very interested in understanding the effect of any updated regulations on the banking system and the payments sector.

That a revision is already necessary is clear because a well-functioning market has to take consumer needs and technological advances into consideration, not to mention social and economic changes – something that we are now well aware of. 

If we go back a few years, the first version of this regulation, the PSD1, was introduced in 2007, with the revised document being introduced in 2016. Over six years have passed, and the world has changed enough to require a fresh look at what regulation can be updated to balance the market and improve people’s lives. 

From PSD2 to PSD3: what are the main differences

It’s essential to ascertain if stakeholders feel the current version of regulations continues to lack features that would allow them to fulfil more of their requirements.

Here are some of the questions that are being asked regarding the PSD2:

• Was PSD2 effective: has PSD2 managed to fulfil its main goals? What are its main benefits, and the main challenges it faced? Can PSD3 solve them?

• Was PSD2 worth it: was PSD2 a justified regulation? Did it promote equality across the board?

• Is a new revision relevant: how did the market evolve, and who are the new players, technologies, and needs?

• Will PSD3 be efficient: what are the costs and potential benefits of the implementation of PSD3? 

Looking back at the main challenges faced by PSD2, the EC has already highlighted some key areas that could, and probably should be addressed in PSD3 to enable greater competition in the financial market.

Regulating new products and services

PSD2 brought FinTechs and Big Techs to the mix, allowing for products and services that were not available before. Buy Now, Pay Later (BNPL) solutions, contactless payments, digital wallets — all of these are likely to be analysed and integrated into PSD3. 

Cryptocurrency has also seen a great surge in interest, so it’s very likely that the EU will try to improve security and transparency in that space.

Fighting against payments fraud

The PSD2 has vastly improved security, especially in payments, with third-party Providers (TPPs) forced to use Strong Customer Authentication (SCA). However, this hasn’t eliminated payment fraud completely. 

PSD3 is likely to introduce the necessary changes to ensure new payment solutions are secure by implementing updated security and transparency features — perhaps a revision of SCA.

Accessing account information

Access to payment systems and infrastructure may be a focal point of the PSD3. API standardisation is touted as extremely important for an open finance economy, as it could be key to improving quality.

This also has the potential to help FinTechs that are interested in accessing account data by reducing barriers to entry.

Improving regulation enforcement

The licensing and supervision of TPPs, especially Payment Initiation Service Providers (PISPs), will also probably be refined as they become increasingly relevant. 

The broader impact of PSD3

The EU has strong expectations regarding this new revision of the Payment Services Directive, especially in the economic area.

Digitalisation is not proving to be easy despite all its apparent advantages. Still, it is a challenge that must be met if the push for even more competitiveness and more significant development of the single digital market is to be maintained. Ideally, PSD3 can also have a significant positive social impact by mitigating possible deterrents to practical application, convenience, and consumer protection. 

There is, however, still a long way to go. After this consultation phase is completed, we should have to wait for the first half of 2023 for the EC to draft the final document. Only then will each Member State of the EU/EEA have to integrate it into national law, which makes it very unlikely that we will see the new PSD3 come to fruition before 2026. 

GoCardless and secure payments

GoCardless can help businesses with secure payment collection. With GoCardless, customers provide payment details via our secure site, so you will never need to touch sensitive financial information. Using a trusted provider like GoCardless can also help customers feel more secure in handing over their personal data. Furthermore, if you use an automated bank payment collection method such as Direct Debit, your customers will also be protected against unauthorised payments by the Direct debit Guarantee.

The Chartered Institute of Environmental Health (CIEH) is the membership and awarding body for environmental health. As part of a digital transformation, CIEH moved its payment process to GoCardless to become more secure and compliant with payment collection.

Previously, CIEH stored all its members’ Direct Debit details in its CRM, which Head of IT Justin Turner identified as a security and compliance risk:

As well as becoming more secure and providing customers with greater confidence and peace of mind, CIEH was also able to streamline payment collection and reduce admin time by 90%, Membership Officer Zoe Beresford explains: