On July 24, the European Commission published a proposal for the second installment of the Payment Services Directive (PSD2).
While attention has largely been focused on the proposed multilateral interchange fees (MIF) regulation released at the same time, PSD2 – which is distinct from the MIF regulation – also has some important implications for the European payments landscape.
According to Joaquín Almunia, vice-president of the European Commission: “A level playing field will be created for payment services providers, new players will be able to enter the market and offer innovative services, retailers will make big savings by paying lower fees to their banks, and consumers will benefit through lower retail prices.”
The original PSD came into effect in November 2009 as the legal foundation for the Single Euro Payments Area (Sepa), harmonizing payment services across Europe and reinforcing rights for payment service users.
The announcement of PSD2 has been widely anticipated across the industry, with various early drafts of the proposal having been leaked to different parties in recent months.
According to the European Commission’s website, the text that has been released for the PSD2 proposal is provisional, with the final text to follow soon. The probable timeline of its implementation might be gauged by the proposal’s reference to a number of other regulations – such as the network and information security directive and the revision of the EU data protection legislation – which have yet to be finalized.
“This tells us that PSD2 cannot be negotiated through quickly, unless the other regulations have also been agreed,” says Ruth Wandhöfer, global head of regulatory and market strategy at Citi Global Transaction Services.
“In light of the European Parliament election in May 2014, there is an expectation that the PSD2 and card-interchange legislation could be delayed until the new parliament is in place.”
In any case, the proposed regulation has a number of different implications, increasing the probability of a drawn-out legislative process and fierce lobbying by divergent parties.
One of the proposed directive’s implications is the ability for third-party providers (TPPs) to be able to offer payment initiation services to consumers and merchants. Such services, according to the proposal, facilitate e-commerce payments by establishing a software bridge between the merchant’s website and the consumer’s online banking platform to initiate payments over the internet.
They are defined within the proposal as “services based on access to payment accounts provided by a payment service provider who is not the account servicing payment service provider, in the form of (a) payment initiation services; (b) account information services”.
An example of such a provider is the popular German solution Sofort Überweisung. Shoppers can use the service to purchase goods online by entering their bank account number, their online banking password and their dynamic authentication code to initiate a transaction on to the Sofort website.
The provider then uses this information to access the customer’s online banking service and initiate the payment. This model is not covered by the existing PSD, but will be included in the scope of PSD2, according to the proposal. Other examples of TPPs include Trustly (Netherlands) and IDeal (Sweden).
The inclusion of TPPs within the PSD2 proposal follows an antitrust investigation of the European Payments Council (EPC) in which the complainant was Sofort AG.
According to an EC press release: “The Commission had concerns that through its work on standards for e-payments, and in particular the e-payments framework, the EPC could exclude new entrants not linked to a bank from the e-payments market.”
However, the EC closed the investigation after the EPC announced it was ceasing development of the e-payments framework, the objective of which had been to make existing national schemes interoperable.
“Internet payments are vital for the development of e-commerce and the good functioning of the EU internal market,” the EC stated in the press release. “The Commission, in close co-operation with national competition authorities, will therefore monitor this market closely to ensure healthy competition and a level playing field for all operators.”
While the EC’s press release about the proposal points out it makes such services more secure by including them within its scope, by doing so PSD2 is also in effect legitimizing this model.
However, critics of the TPP model point out that because it encourages consumers to share their banking passwords – a practice that is usually discouraged in the interests of deterring cyber criminals – the potential for fraud could substantially increase.
“What is problematic is introducing the principle in banking whereby customers are encouraged to share personalized authentication details [such as an online pin and dynamic authentication password/pin],” says Citi’s Wandhöfer. “This makes the role of the bank as protector of their customer’s account difficult to impossible.”
She adds that when such providers access the consumer’s accounts, given they use the consumer’s personalized credentials, there is no way for the banks to determine who has actually initiated the payment order.
“At the same time, the TPP accessing the user’s account can see everything the user can see and this is not very transparent from a user’s perspective,” says Wandhöfer.
From a corporate point of view, another of the notable developments within the PSD2 proposal relates to Sepa direct debits. Previous legislation has stated that, in the case of authorized transactions, customers have the right to a conditional refund up to eight weeks after making a payment – for example, if the authorizing did not specify the amount or the amount was unexpectedly high.
According to the PSD2 proposal, an unconditional refund right is proposed, in line with the Sepa direct debit (SDD) rulebook. However, this new refund right applies only provided that “the payee has already fulfilled the contractual obligations and the services have already been received or the goods have already been consumed by the payer”.
“Now, in many cases, the position is that if corporations are delivering something like gas or airtime on a phone, the user has to pay – unless there is a problem with the bill,” says Wandhöfer. “This could be great news for corporates, who have tended to be unhappy about actual practices involved in the eight-week refund right.”
However, as Wandhöfer points out, the text of the proposal has some ambiguity on this point, as one of the key sentences in this Article (67) is incomplete.
Given the PSD2 proposal’s early draft format – the document contains several tracking mark-ups and some key terms are not defined – and the other unpublished regulations it references, it is unlikely this will be waved through quickly. As such, some of the measures set out in the proposal might be subject to change.
Although the document gives an indication of the future development of the European payments landscape, unresolved issues, with respect to the ability for TPPs to be able to offer payment initiation services and refund obligations for SDD, suggest the directive faces many delays before implementation.
As a result, banks will have plenty of time to lobby against the contentious cap on card-interchange fees.