What is PSD2?
EU's Payment Services Directive
According to the European Commission:
The [current] Payment Services Directive (PSD) was adopted in 2007. This legislation provides the legal foundation for an EU single market for payments, to establish safer and more innovative payment services across the EU. The objective is to make cross-border payments as easy, efficient and secure as 'national' payments within a Member State.
Also, according to the European Commission:
The Commission proposed to review the PSD to modernise it to take account of new types of payment services, such as payment initiation services ....
[PSD2's] main objectives are to:
- Contribute to a more integrated and efficient European payments market
- Improve the level playing field for payment service providers (including new players)
- Make payments safer and more secure
- Protect consumers
- Encourage lower prices for payments
To make electronic payments safer and more secure, PSD2 introduces enhanced security measures to be implemented by all payment service providers, including banks. The EBA will develop specific and objective security standards to that end.
PSD2 Security directives and regulations are written at a high level and the detailed implementation is being left to the industry. However, data security regulations related to PSD2 will almost certainly be subject to the same stringency as the General Data Protection Regulation (GDPR).
The inherent data-security challenge industry observers see in PSD2 is that of strengthening security to reduce fraud while not causing too much disruption to the end user experience.