The Second Payment Services Directive: a game-changing regulation

What challenges and opportunities could the Second Payment Services Directive (PSD2) provide?

The Second Payment Services Directive (PSD2) requires banks to open their payments infrastructure and customer data assets to third parties so that they can develop payments and information services to its customers. Making PSD2 not only a regulatory compliance and technology challenge but also a strategic and operational one.

Competition

Opening up payments initiative and information services has the potential to shift the competitive field. The ability to engage directly with and add value to customers will no longer be just the advantage of banks but shared with FinTechs, technology firms, and even retailers and telecommunications providers.

Unlike most banks who have legacy cores, PSD2 works on the expectation of scalability, security and resilience.

Security

PSD2 has been introduced against a backdrop of high profile cyber-attacks across industries. The primary responsibility for security risks will lie with payment service providers, and increasing the number of partners you interact with via API’s will increase your cyber attack surface and make you more vulnerable security breaches.

While PSD2 requires opening up customer data to third parties, the new EU General Data Privacy Rules demand protecting customer data privacy as well as evidencing customer consent with potential penalties for breaches.

PSPs must ensure that security measures are in place to protect the confidentiality and integrity of customers’ security credentials, assets and data.

2018 is set to be a game-changing year for retail and banking as PSD2 takes effect. Already we have seen Member States implement the revised Payment Services Directive into their national regulations.