
Everything You Need To Know About the PSD3 Payments Directive

Updated: Sep 18, 2023


What is PSD3 Targeting?

PSD3 aims to make the digital landscape easier to protect for customers. Both merchants and banks are taking action in the digital landscape, which is why this PSD protocol is more effective and protective. Moreover, open finance and banking will share customer information with other competent authorities who have accounts with tax authorities, payment processors, and more.

What is the difference between PSD3 vs PSD2?

PSD2 governs all digital payments and open finance in the EU and EEA, and PSD3 is expected to do the same, potentially broadening its scope. Research on PSD2 is looking to answer questions such as the following:

  • Are current open banking requirements adequate?

  • Are there alternatives to current SCA methods?

  • Should the SCA period be extended from 90 to 180 days to reduce friction?

  • Should contactless payment limits change?

  • Should applicable currency conversion costs be disclosed before transactions?

  • Are exceptions under PSD2 still appropriate?

  • Should one-leg-in (just one PSP in the EEA) payment transactions be sped up?

  • Can authorization for payment providers and institutions be streamlined?

  • Should we start regulating currently unregulated activities such as crypto payments and BNPL?

PSD3 Compliance: What Do You Need to Know?

For companies that accept electronic payments, as well as the banks and financial institutions that process and manage them, PSD3 compliance will eventually become mandatory once PSD3 is agreed upon, approved by law, and an implementation deadline has passed.

This deadline is currently unknown, but based on how long it took for PSD2 to replace the first PSD, we can make an educated guess: five years.

European countries had two years to transpose PSD2 into national legislation after it was adopted at EC level.

Companies had another two years (extended to three) from transposition to fully adapt to PSD2.

There is always a chance that this process will accelerate, but it's safe to say it will take at least three years after PSD3 becomes EU law until companies have to fully comply with it.

Of course, depending on the extent of the updates, this will likely not be an easy feat, so payment processors, banks and other financial institutions are advised to begin the process of adapting their systems as soon as PSD3 becomes EU law.

Penalties for PSD3 Non-Compliance

Nothing is finalized yet, but once PSD3 becomes law, the penalties for non-compliance are likely to be similar to those of PSD2 - these penalties include potential license removal for financial institutions and adjacent companies, as well as fines.

This means that it is up to the “competent authority of the parent Member State” where the company in question is located, which has the power to detect non-compliance and impose fines and other penalties according to local legislation.

Note that if PSD3 follows the path drawn by the previous Directives, maintaining compliance will depend on payment processors, not merchants accepting digital payments.

So while it's wise for merchants to keep a close eye on PSD3 developments, online retailers and similar companies have less reason to worry right now.

How Will PSD3 Help Fight Fraud?

In addition to facilitating the provision of financial payments and services, PSD3 will seek to protect operations and users and make them safer for all parties involved, in line with the previous Directives.

For example, PSD2 defined and mandated the use of multi-factor authentication (MFA) for certain types of payments, as well as when a consumer wants to access their financial account at a bank or credit company. This has made it significantly harder for brute force, phishing, and other account hijacking attacks to succeed.

As we mentioned earlier, open banking brings with it risks as well as opportunities. An important consideration is how this expands the possible attack surface, since it is a significantly larger ecosystem than previous setups.

As the adage goes, you are only as safe as your weakest link. In this case, a single gap between the various institutions that share one's authentication or identity can give successful scammers a higher reward.

Therefore, PSD3 will seek to further increase protection for consumers and organizations, and national and regional economies in general, by addressing newer fraudulent methods as well as anticipating new risks to the extent possible.

As more information about PSD3 is released, we will keep our partners informed of important new developments so they can prepare their response.

Why is PSD2 changing?

There is a regulation called the Payment Services Directive, and it does in fact force all of the banks to open up their account services to third parties, or trusted ones. That means they have to provide information. A change in technology is needed to solve the account safety problem. The area of internet payments is always changing: new services have emerged, and this situation means the PSD2 procedure has to change. FinTechs and Third-Party Providers (TPPs) also offer specific payment solutions or services. FinTechs come face to face with new difficulties and online fraud problems that depend on new marketing, such as:

  • Some marketing problems were operating outside of the financial service legal framework

  • Marketing has to obey this PSD procedure for the sake of protection

  • PSD has to keep in step with new technology because that wipes out the hazard and vulnerability assessment

  • Searching to find out whether stakeholders feel the current legislation is still fit for purpose

What is PSD2?

PSD2 is the second payment directive created by the European Union. PSD2 introduces a mandate to perform strong customer authentication for payments. The main aim of the regulation is to increase the overall security of the payment landscape within the European Union and protect the shopper from fraudulent transactions.

What is the Scope of PSD2?

PSD2, just like every good rule, has a geographical scope to where it is applied.

The first part is the two legs of the transaction. The first leg is where the issuer of the card is located, and the second is where the acquirer is. If both are part of the EEA, the European Economic Area, then you are in the scope of PSD2.

The second part is that PSD2 has types of transaction that, despite the two legs, are out of scope, so they are not part of the mandate of PSD2. The first is MOTO, mail order and telephone order. The second is MIT, merchant-initiated transaction, and the third is anonymous cards.

PSD2 brings customer benefits, which are:

  • PSD2 protects your online payment activities

  • PSD2 improves processes for consumer rights

  • PSD2 forbids surcharging

  • PSD2 decreases customer complaints

What Does PSD2 Provide Against Online Fraud?

SCA, also known as strong customer authentication, is defined by two factors out of three. Strong customer authentication across the EU will help reduce the risk of fraud for online payments and online banking and protect the confidentiality of the user's financial data. The three factors are:

  • The first is something that “you are”: your face or a fingerprint.

  • The second is something that “you know”: it can be a password or passphrase.

  • The last is something that “you own”: it’s a phone.

PSD2 Text Description:

It will bring about key changes to the European payment industry, including:

  • Extension of scope: That is, the PSD is extended beyond Europe and in the definition of a “Payment Institution”

  • Third-party payment initiation: Regulation of payment initiation service providers (PISPs). These services allow users to initiate online payments to an e-merchant or other beneficiary from the payer’s bank account via the online portal of the PISP. This provides an alternative to the use of payment cards in online transactions

  • Third-party account access: Regulation of account information service providers (AISPs). These services aggregate customer payment account information, allowing users to log in to a single online portal to view all their payment account transaction history and balance.

  • Prohibition of card surcharges: Standardization of different approaches to surcharges on card-based transactions which are currently applied across the EU

  • Security & Authentication: Introduction of new security requirements for electronic payments and account access along with new security challenges relating to AISPs and PISPs.
