The second Payment Services Directive (PSD2) entered into force on January 13, 2018. Compared to the previous version, it aims to regulate new forms of payment in Europe responding to the request for a regulatory framework adapted to these new transactions. In this article, we will present how PSD2 strengthens the security of both online bank accounts and dematerialized payments.

More Information and Security for Online Bank Accounts

One of the basic principles of PSD2 is the opening of financial flows to actors other than traditional banks. This phenomenon is called Open Banking and has allowed the emergence of Neobanks and FinTechs, which, thanks to these new regulations, will be authorized to manage the financial flows of their customers.

PSD2 clearly highlights two new roles (or actors):

• Account Information Service Providers (AISP)
• Payment initiation providers (PISP)

AISPs give users the possibility to centralize all the information concerning their different bank accounts on a single medium (mobile application or website). Users will be able to overview their balances in one place, without having to check each bank account individually. The role of AISPs is to display figures, even if some of them, such as Linxo, give the possibility to make transfers between accounts.

PISPs are intermediaries providing alternatives to traditional payment services. These new possibilities allow users to trigger a transfer order without depending on the Mastercard or VISA bank card networks. To take the example of Linxo, this Fintech is both an AIPS and a PSIP, allowing on the one hand the management of balances and on the other hand offering the possibility of initiating a transfer.

These principles are important and are in direct line with the objectives of Open Banking and therefore of PSD2. Consumers of financial services today have a much larger choice and are no longer dependent on traditional banks to access such services.

Being free to choose the provider of your choice may seem natural in any other field, but it is clear that this was not entirely possible for payments.

How Does PSD2 Strengthen the Security of Dematerialized Payments?

The need to regulate new forms of payment is not to be proven. The use of cash is steadily declining worldwide, although some countries such as Germany are resisting dematerialization. According to data published by the ECB, the cash portion of financial transactions in Europe has gone from 54% in value to 48% in 3 years with card payments increasing to 41% at the same time. The scissor effect is foreseeable!

Contactless payments and e-commerce in the context of the global health crisis inevitably lead to dematerialized payments, already present in consumer habits.

PSD2 plays a key role in the development of these new services, along with a strong need for security. When PSD2 entered into force in 2018, the number of cyber-attacks in France was increasing by 32% annually. Security is key for a payment method to actually work.

Strong Authentication emerged as one of the answers. This can be considered as the new shield against fraud in the context of dematerialized payments. It will also replace its predecessor, 3D Secure, introduced by the first directive (PSD1) at the end of 2009.

Gentle reminder: 3D Secure consisted of asking for the customer confirmation when making an online purchase. This confirmation took the form of a code usually sent by SMS that had to be entered to confirm transactions on e-commerce sites.

Although it has fulfilled its role, 3D Secure will be gradually replaced by Strong Authentication, which will only be required for payments exceeding 30€. A Strong Authentication need combination of:

• Sensitive data known only to the bearer, such as a secret question or a security code;
• Biometric data, by definition specific to the bearer: scan of fingerprints, iris or any other biometric data;
• A medium on which to check all these elements: most often a personal smartphone or a bank card.

These are the three pillars of future online payment security. Each transaction greater than 30 euros will have to be secured this way, otherwise it will not be validated. Strong authentication has a key role to play in the security of the €112 bn transactions carried out on the internet in 2020. This figure is 8.5% higher compared to 2019. 17.400 additional e-sites trades were recorded during this one-year period.

Last point, in order to compensate for the constant reduction in the number of ATMs, a cashback principle has been established to address under-banked areas. Part of the population do not necessarily have the possibility to withdraw money easily, especially in rural areas. Cashback in this case would allow users to withdraw money from an authorized merchant when paying by credit card, in the range of €1 to €60. At the same time, as cashback is also a money laundering technique, these operations must be extra-well supervised, with authorized traders undergoing regular analyzes.

As it turns out, the Second Payment Services Directive is a founding document, governing today's payments while anticipating on tomorrow’s. It aims to secure customer personal information while promoting innovation and new services in the financial sector. Olkypay, both a neo-bank and an online service provider applied these measures since their inception: we guarantee you protection and fluidity in the managing of your finances, whether payments or monitoring of your accounts.