The Third Payment Systems Directive (PSD3) is intended to continue the drive of European payments and its wider financial sector into the digital age. Primarily centring around authentication and supervision, what do you really need to know about PSD3?
PSD3 is an evolution, not a revolution, updating PSD2 with rules and guidance on both the market efficiency and technical capability of electronic payments services across the EU. As yet published only for review, being aware of the direction of travel and implications will, of course, be essential for making headway and gaining advantage.
Timeline
PSD3 was issued for consultation in June 2023 and is likely to be finalised either later this year (2024) or early next. Individual member states will then have to turn the directive into laws in their own countries, which is predicted to take a further 18-24 months. This process is called transposition. The Payment Services Regulation (PSR), effectively ‘pan-European law’, does not require transposition, but it will likely come into effect at the same time.
So what are the key effects of PSD3 and what should banks, PSPs, marketplaces, information service providers, schemes/networks, API providers and merchants, retailers and anyone else involved the payments ecosystem expect?
Key effects of PSD3 include:
- Merger of payment institutions (PIs) and e-money institutions (EMIs)
- Stronger regulation of digital marketplaces
- Clearer rules about delegated authentication
- Much more specific requirements for open banking APIs
Let’s unpack.
Merger of payment institutions and e-money institutions
Formerly separate entities, these will now be one. These ‘bank-lite’ licences were designed to help improve European competition and kick-started the likes of Monzo, Revolut and others, many of which have gone on to become fully fledged banks. This, of course, is different to the US, where only banks are licenced. PSD3 will simplify what are effectively very similar regimes and extend what PIs offer to include e-money services.
Stronger regulation of digital marketplaces
Off the back of successes like eBay, Amazon and Etsy, everyone wants to have a marketplace or evolve into one. After all, this is precisely what happened with Spotify, as it brought recording engineers, producers and artists together in one place. One key function of marketplaces is to collect and disperse money to sellers, which has evolved into a whole new sector of payments. Being able to onboard faster, deal with smaller customers and deploy more agile tech means they are attractive for sellers and can also scale and make money out of payments.
We’re also seeing manufacturers in the car industry getting involved. A good example is Mercedes using the car as an orchestration channel to access their electronic ecosystem, enabling drivers to add on performance features, tolling, parking and potentially expand these out to booking hotels, restaurants and experiences. We recently worked with Lynk & Co to redefine car ownership with their subscription-based business model that combines digital touchpoints with automotive functionality. It’s not hard to see the opportunities.
But making things easier, cheaper and quicker exposes marketplaces to bad actors, and PSD3 will now bring a tightening of how things work. This means closing loopholes with a narrowing of the Commercial Agent Exclusion. This helps to illustrate the overall PSD3 theme, reducing regulatory arbitrage and differences, which may result in increased clarity and greater simplicity for licence holders
Clearer rules about delegated authentication
PSD2 introduced the responsibility for banks to strongly authenticate consumers. This was widely interpreted as meaning that the issuers had to perform the authentication themselves, and, as you’d expect, this resulted in some very clunky and poor consumer experiences.
PSD3 explicitly says that authentication can now be delegated to third parties. That could be a merchant, gateway/acquirer, marketplace or wallet, as long as the commercial and legal framework is clear. Hopefully, this will bring innovation to the authentication experience, with providers delegating to those who can build low-friction flows that take advantage of the latest developments like passkeys and biometrics. Perhaps we’ll even see the end of SMS messages as the second factor, finally removing a frankly insecure legacy technology from the ecosystem.
Much more specific requirements to open banking APIs
PSD2 directed banks to provide access to third parties via APIs, but there was no formal mechanism. PSD3 spells out the need for formal technical APIs, which means the end of screen-scraping workarounds. The UK had this a decade ago with the Open Banking standard, but we don’t think PSD3 will go as far as this. This is likely because there are currently two competing camps in Europe, the Berlin Group and the French STET, and they are not currently interoperable. Their APIs are different, not just in specifications but a difference dictated by laws, background, market development, financial institutions’ decisions, monetisation strategies and technical capabilities.
We think PSD3 will set out what it wants to achieve but will be mindful that it can be interpreted or implemented in different ways.
Effects on payments innovation
As we said from the start, PSD3 is an evolution and not a revolution, and as with PSD2, it is fundamentally to drive competition and provide greater consumer protection. We may see changes as the consultation phase closes, but PSD3 outcomes will likely be:
- Some consolidation
- Better, slicker, lower friction UX
- More consistent interpretation of the rules (hopefully).
What might this mean for the UK, now that it’s no longer part of the EU? Well, the EU remains a critical market for many UK merchants, and payments businesses remain part of the Single Euro Payments Area (SEPA), so businesses will adhere to that standardised set of rules. We therefore expect to see regulatory alignment broadly mirroring, but likely lagging (wait and see), what happens in Europe.
For more payments insights, download our latest e-book, The Account-to-Account Payments Tightrope.