The financial world is in a constant state of change, driven in particular by technological advances and regulatory adjustments. The current regulatory initiatives of the European Commission, PSD3 (Payment Service Directive 3) and PSR (Payment Service Regulation), will be further steps in this development. According to the European Commission, they aim to harmonize payment transactions within the European Economic Area, increase the security of payment transactions, and promote competition in the payment market. These new regulations present a number of challenges, but also opportunities for banks and payment service providers.
In this blog article, we look at the key points of PSD3 and PSR and their potential impact on banks and payment service providers. We highlight the measures that need to be taken to implement the regulatory requirements efficiently and on time.
PSD3 builds on previous regulations, particularly PSD2, and clarifies existing regulations. It includes, among other things, an extended liability for banks and sets new IT and risk standards. A key focus is on strong customer authentication and transparent payment transactions.
The PSR (Payment Service Regulation) complements PSD3 and creates directly applicable law in all EU states. Its goal is to harmonize regulatory standards within the EU and ensure uniform regulation in European payment services.
The objectives of PSD3 and PSR:
In June 2023, the drafts for PSD3 and PSR were published as proposals to revise PSD2. The European Parliament approved this proposal on April 23, 2024, with some amendments, including regulations on strong customer authentication and liability rules. Currently, the European Parliament and the European Council are negotiating the final statutory text. The final version of the statutory texts is expected by the end of 2024. Given these developments, we expect the new regulations to come into effect in 2026.
PSD3 implementation schedule (2023-2026):
Adapting to the new PSD3 requirements is essential for banks and payment service providers to ensure compliance with the regulations and seize opportunities. This results in the following impacts requiring action:
PSD3 and PSR foresee the introduction of stricter requirements for customer authentication and an expansion of authentication options for people with low digital affinity and vulnerable groups. Additionally, in April 2024, the European Parliament proposed expanding the inherence factor to include environmental and behavioural characteristics. This means that banks and payment service providers must invest in the development and implementation of more robust and innovative security mechanisms. This can increase the security of payment transactions but is associated with implementation costs and additional complexity in adapting systems and processes.
With the tightening of liability rules in fraud cases, banks, payment service providers, and providers of electronic communication services are held more accountable. Issuers will have to prove that, for example, a fraudulent transaction is unequivocally due to customer misconduct to avoid liability. Additionally, payment service providers are obliged to immediately block a payment instrument if there are objective risks or suspicions of fraudulent use. This will be difficult to demonstrate in many cases and may not be in the interest of the relationship with the customer in question. Investments in customer communication, prevention, and handling of fraudulent transactions are to be expected, as well as the challenge of maintaining an efficient balance between transaction conversion and fraud prevention. Furthermore, the reversal of the burden of proof could have a massive impact on customer behavior. The issue of fraud will gain significant momentum. This is already evident in the UK, where the mere sharing of liability risk has led to a significant increase in damages. The issue of fraud should be a major priority for payment institutions in the coming years.
To effectively combat fraud, banks and payment service providers must monitor transactions and exchange fraud-related data among themselves to detect early warning signs and respond appropriately.
Implementing the IBAN-Name-Check requires verifying the entered IBAN and the associated account holder's name to reduce fraud cases and increase transaction security. This may result in additional costs for banks as they will need to adapt their existing systems and processes to integrate this new measure.
PSD2 introduced the surcharge ban, which prohibits providers from charging customers extra fees for certain payment methods. The new draft of the PSR expands this ban. Providers should not be allowed to charge fees for payments, although discounts or special offers that steer the selection of a particular payment method are not excluded. Banks and payment service providers should now identify alternative revenue sources and develop new service offerings to remain competitive.
The impact of PSD3 on banks and payment service providers at a glance:
Given these new regulations, it is crucial for banks and payment service providers to act proactively to ensure early compliance with the regulations and secure the competitiveness and profitability of their offerings.
The following measures should be taken to meet and successfully implement the new regulations:
Optimization of security mechanisms:
Strengthening fraud detection and prevention:
Integration of the IBAN-name-check:
Development of alternative revenue streams:
With our long-standing expertise in the areas of payment transactions and regulation, we navigate our clients through the complex requirements of the payment market, in particular PSD3 and PSR. Our team of experts supports you in leveraging market developments, developing tailored solutions, and making your business models future-proof. From analysing business processes, identifying and tapping into new revenue sources to selecting and implementing technology solutions – together, we can strengthen your company's position in the payment market. Please feel free to contact us.
PSD3 and PSR are part of Projective Group's “NextGen Payments: Revolution or evolution by 2030?”. In a customised workshop, we discuss with you how the future drivers of digitalisation, regulation and cyber security will affect your business models, and we will work together to develop individual solutions. You can find more information here.
Alongside PSD3 and PSR, other regulatory requirements such as DORA (Digital Operational Resilience Act) are influencing payment transactions. Learn more here.