Payment Services Directive 2.0, Why “PSD2” is A Much-Needed Step Towards Uniformity and Accountability in the European Payments Industry

Rules and regulations serve many purposes, from ensuring that business activities are conducted consistently and fairly, to ensuring that providers and their customers are protected from harm, intentional or otherwise. Without rules in place, business, and indeed, society, couldn’t function. That is why having a comprehensive set of regulations for the financial payments industry is paramount, because without it, commerce wouldn’t be possible, economies and consumers would suffer and the dramatic innovation we have seen in payment technology over the past few years would cease. In a world where things change nearly overnight, it’s important that our guiding principles, our governing rules, are re-evaluated and updated to reflect current and future realities. Payment Services Directive “2.0,” now in progress, brings much needed changes to the EU Payment Services Directive, changes that seek to bring more uniformity on security and accountability to electric payments in the European countries involved.

I think most people would agree that one area where technology innovation is rapidly getting ahead of current regulation is in payments. Today, we are in a world where physical currency-based transactions are increasingly being supplanted by electronic, digital payments, driven by transactions conducted on mobile devices and performed online. The future is even more daunting as the advent of cryptocurrencies dramatically changes the landscape where traditional checks and balances are replaced by mathematical models and encryption. Trust is essential. This creates both opportunities and risks for the entire payments ecosystem – from banks and lenders, to financial intermediaries and service providers, to consumers. Unfortunately, news reports of cybercrimes attacks are a common occurrence against the payment industry such as this, or this, or this. Only by modernizing our rules and establishing well-delineated requirements can we ensure that any weak links in the payments chain can be exposed and resolved.

The aim of the PSD2 proposal is to help develop a more unified market for electronic payments in the EU, one “which will enable consumers, retailers and other market players to enjoy the full benefits of the EU internal market, in line with Europe 2020 and the Digital Agenda.” To achieve this and promote more competition, efficiency and innovation in the field of e-payments, PSD2 will help establish legal clarity and a level playing field, reducing costs for payment services users, enabling more choice and transparency within payment services, and creating a framework that enables secure and transparent payment services. While the proposal includes a number of important updates, from my perspective, one of the most important elements relates to the requirement of a detailed security policy built from a provider-specific risk assessment.

Every payment technology – from physical cards, to electronic transactions to virtual currencies such as Bitcoin or VEN – have unique attributes and mechanisms of operation, and thus, specific risk profiles. One size clearly does not fit all in the world of electronic payments! That is why PSD2 includes specific recommendations for a security policy document informed by a detailed risk assessment in relation to its payment services. Central to this policy is a description of security controls and mitigation measures taken to adequately protect the payment services users against the risks identified, including fraud and illegal use of sensitive and personal data. This kind of assessment goes a long way to ensuring that each member of the payment chain is accountable for the risks they impart to the overall holistic payment process chain.

I have long been an advocate for industry collaboration in the fight against fraud. It is my hope that industry recognizes the benefits that PSD2 brings not only to advances in the progression of e-payments in the EU, but also helping to redefine a new approach to the challenges facing the global payments industry in the ever-evolving battle against fraud.