What is PSD2?
It stands for “Payment Services Directive”. PSD2 is the second part of the regulation covering payment services and payment providers in the European Union and European Economic Area.
This year the Payment Services Directive 2 makes possible:
- Opportunities for innovation by 3rd parties
- Increased consumer protection
- Increased security
Innovation by 3rd Parties
Banks have a monopoly on consumers’ data. PSD2 will allow 3rd party merchants like Amazon, with your prior permission, to access your account data from your bank. This process will be regulated and monitored as part of PSD2. This means that new players will be able to enter the market as an alternative to Visa or PayPal.
If you have multiple bank accounts, for instance, it will also be possible for “account information service providers” (with your permission) to aggregate your accounts in one place. Basically, it makes your data available from the banks to allow more competition within this sector.
Increased consumer protection
It’s good news for consumers, as PSD2 stops merchants charging consumers additional fees for specific payment methods if both the customer’s bank and card user are located in the EEA (European Economic Area). If payment is made by debit or credit card, direct debit or credit transfer, the surcharge imposed can’t exceed the amount the merchant has to pay for accepting the payment method.
If there is an unauthorised transaction, PSD2 makes it so the payment service user must be refunded straight away and is not liable. This applies to hacking, data breaches, copied payment cards, etc. If you lose your wallet and someone uses your card, under PSD2 you are liable for a maximum of 50 euro, provided you notified the card issuer bank.
Increased security
It’s increasingly likely that there will be increased security checks online, such as two-step verification of a transaction. This would be done through a password, as now, but additionally authenticated through something personal to the user, such as a phone or data reader.
What does it mean for Ecommerce sellers?
If you take payments through your website, it will depend on how the data is processed and how the statements below apply to you:
A 3rd party processes transactions on my website (PayPal, Stripe etc.)
In this case you shouldn’t need to do anything, as it’s the responsibility of the 3rd party to comply with PSD2. I would recommend keeping in touch with your payment processor’s support and their plans around 2-step authentication for payments in Europe.
My website processes transactions via plug-in through to my site
This could be a little trickier. If the user is directed to the processor’s website and then back again, in theory it’s the same as a 3rd party. Some older systems have a half-and-half set-up, with some user data stored on the website’s server and parts of the transaction passed to the 3rd party and back via tokens. I would recommend reviewing these older systems and also how they fit into your wider processing of users’ data and policy. It may be a good time to think about switching to a 3rd party.