payment Online payment: E-commerce entry into force of the DSP2 - PSD2 Directive
The online Payment Services Directive (PSD2 - DSP2), which came into force in January 2018 and whose measures will be applied from September 14, 2019, aims to secure and facilitate the use of online payment. Like the RGPD, this directive harmonises regulation at EU level, this time at the level of payments, and is part of the drive to create a digital single market. By updating the previous directive applied in 2007, the DSP2 incorporates new issues specific to open banking and payment service providers (PSP). This new directive is the result of long debates between the European Commission, the European Parliament, the European Banking Authority, banks and FinTech actors.
Why is DSP2 necessary?
The DSP2 is first and foremost a response to the challenges of cybercrime. With a fraud rate of 0.161% in 2017, France is a good student according to the Observatory on the security of the means of payment of the Banque de France. However, the DSP2 sets an even more ambitious target at 0.13%. The main measures of the DSP2 are:
Securing online payments, through the implementation of double-authentication for transactions of an amount greater than € 30 among three factors (a code or a password that we know, a device that one possesses or a biometric data). The choice to opt for a 3D-Secure (3DS) type of device no longer belongs to the e-merchant but to the bank, with the obligation to generalize it and to strengthen it.
-
Secure access to data:
The DSP2 requires banks to provide access to their customers' data (with their agreement of course) to third parties such as payment service initiators (so-called PSPs in English, such as SoFort, Ayden, HiPay or Paypal) or account information service providers. The obligation for banks to offer them adapted interfaces or APIs to enable them to aggregate certain banking data.
-
Securing online payments:
The obligation of strong authentication for online payments of more than 30 euros, to reduce fraud in e-commerce.
Securing online payments, through the implementation of double-authentication for transactions of an amount greater than € 30 among three factors (a code or a password that we know, a device that one possesses or a biometric data). The choice to opt for a 3D-Secure (3DS) type of device no longer belongs to the e-merchant but to the bank, with the obligation to generalize it and to strengthen it.
-
Strengthening consumers
Strengthening consumers' rights to banks by prohibiting extra billing in the case of payment with a credit or debit card, online or in store
The strengthening of consumer rights, through the lowering of the franchise remaining the responsibility of the customer in the event of fraudulent card payment before opposition of 150 to 50 euros, shorter repayment times and the introduction of a right to unconditional reimbursement for direct debits in euros.
-
Consumers economy:
The prohibition of overbilling, the application of surcharges in case of payment by debit or credit card.
Repercussions of DSP2 are multiple:
- For e-commerce players, there is a fear of a deterioration in conversion, particularly because of double-authentication that may complicate the online shopping journey and see many transactions fail. To minimize the impact of the DSP2 on the conversion rate of e-commerce sites, the directive provides exceptions for which enhanced authentication is desired but not mandatory: repeated transactions, small transactions and transactions intended to trusted beneficiaries. In the latter case, the user sends a whitelist to his bank.
-
For players in the banking sector, we can expect an opening to competition in the market, especially thanks to the fact that the DSP2 provides an approval that certifies payment service providers and other FinTech actors on the quality of their treatments. Coupled with easy access to the data of their users, this approval strengthens their legitimacy vis-à-vis traditional banks and allows them to develop even more innovative services.
Opening the market to new players by giving access to account information via a secure communication channel.
DSP2, therefore, implies new constraints and new opportunities. By further securing transactions and strengthening cooperation between banks and payment providers, the DSP2 should nurture a virtuous circle for European citizens. On the one hand, the latter will benefit from authentication devices designed to limit fraud. On the other hand, by opening access to certain data, the FinTech players will be able to improve their value proposition.
0 Comments
Recommended Comments
There are no comments to display.