DSP2, what is the status of the payment ecosystem?
Published by Grégoire Bourdin, CEO of HiPay.
Last year the PSD2 (new Payment Services Directive) was the focus of attention for both merchants and payment operators. Has the postponement of its implementation, initially scheduled for September 14, 2019, made a difference?
The postponement of the implementation of the PSD2 (Payment Services Directive 2), initially scheduled for September 14, 2019, allowed merchants and payment operators to benefit from a few months of additional time to update their payment tools and thus be able to comply with this new regulation. But what has really happened since September? What is the current status of the DSP2 and the position of each party (banks, PSPs, ACPRs, regulators, payment solutions and merchants) with regard to this system?
What about DSP2 since September 14, 2019?
Since September 14, the EBA has announced the implementation of a transition period running until January 1, 2021 for all countries in the European Economic Area. This is so that merchants and payment operators can implement and harmonise their systems with the rules set out in the PSD2. The United Kingdom and France, for their part, have applied a longer transition plan than that provided for by the EBA.
In France, the Banque de France has announced an 18-month transition plan, six months longer than that of ABB, with a gradual application of the PSD2 rules from April 1, 2020. Since that date, the Banque de France and French issuers have been required to meet every two months to analyse the capacity of market participants to apply the PSD2 rules. Based on this feedback, issuers will decide whether or not to speed up the application of these rules.
However, even though the Banque de France's transition plan extends to April 1, 2021, the January 1, 2021 deadline for all European countries to apply PSD2 must be kept in mind.
Indeed, while all payment operators are aligned with the transition plans provided for by the EBA and the Banque de France, regulators nevertheless advise to be ready as soon as possible. They recommend that the stakeholders in the ecosystem should not postpone their compliance work. This could prove disadvantageous if they were not ready once the deadline of January 1, 2021 has passed.
E-commerce, fraud and DSP2
The DSP2 has come at a time of strong growth in e-commerce in Europe, and the resulting fraud is costing banks dearly. This is why DSP2 requires all transactions to be authenticated, the ultimate lever to reduce fraud. But beware, this must not be done at the expense of merchant acceptance rates. The framework of the Directive therefore provides for possible modulations to strong authentication.
The various stakeholders in the ecosystem, whether merchants, PSPs, banks or card networks, will need to strengthen their systems to detect transaction fraud. In the majority of cases, in the event of fraud, issuers will have to bear the cost and the entire chain will be penalized because strong authentication will then be triggered more often, making the purchasing process less smooth for end customers.
This is why, with DSP2, issuers have the final say on the type of authentication to be applied. They must implement "risk-based analysis", a new method for analysing the risk of transactions based on the transactional data collected during the payment phase.
So how can the required data be collected and transmitted to the payment networks while complying with the new technical standards (RTS)? The main barriers to the implementation of PSD2 by merchants are technical in nature. But the level of difficulty depends very much on the technical integration proposed by the merchant's Payment Service Provider (PSP). If the documentation is clear, the customer support competent and the integration technical solutions complete and well thought-out, then DSP2 compliance becomes easier to achieve.
Since 2016, Grégoire Bourdin has been CEO of FinTech HiPay. An expert in the digitization of the banking sector and fascinated by the new models developed by fintechs, he co-founded and managed Treezor, a platform offering banking services via API, for four years. He will sell the company in early 2019. Previously, Grégoire worked as financial director of the digital agency Hi-Media Group (now AdUX) for four years, then of the financing company BJ Invest for three years.