PSD2 has stirred a lot of debate in the finances community due to its impact on a great deal of businesses. What concrete advantages has the initiative brought about to SME and EU-wide retailers?
For many years now, large retailers have been looking for a harmonisation of the payment systems they are using across the EU. Considering the local specificities, it remains quite difficult to find the right processing partner being able to provide a full set of payment means covering all the expectations (debit and credit payments, loyalty, meal vouchers) in an integrated way.
We can therefore assume that, by providing a standard means of access to bank accounts to perform transactions through harmonised specifications for PISP, the payment services providers, or even the merchants should they want to develop their own payment gateway, will be in a position to address the market in a standardised way.
We however should make a clear distinction between the philosophy of PSD2 (to be perceived as an approach for open access to account info), and detailed specifications for performing the transactions (in that perspective, the RTS publication is a first step).
Pushing the SEPA Instant Payment is an interesting approach to go in this same standardisation direction, but must be considered separately from the PSD2 as some other proposals may come on the table (in spite of a rather short timeline).
From the SME point of view, we can expect that the arrival of PSP with global POS and ecommerce acceptance solutions (with much more competitive pricing) will boost the electronic payment acceptance volume, and extend the range of services to be proposed to consumers at a European level.
Finally, we can consider that PSD2 can certainly be perceived as enabler towards a cardless world, as the IBAN becomes the main identifier to trigger requests for AISP or PISP.
In line with the previous question, XS2A and Strong Customer Authentication are the two most debated concepts concerning PSD2-related security aspects for online businesses. How do these security requirements impact online businesses and the industry in general?
XS2A and Strong Customer Authentication are of course significant drivers for a reorganisation of core banking systems or packages, facing two main challenges: on the one hand, being able to provide the access to account means creating a gateway to significant information for banks, and this, on the other hand, being balanced by the need to secure those accesses. Fortunately, EBA is responding to this by the elaboration of the RTS specifications. Although this can of course be perceived as a strong constraint by major banks forced to adapt old legacy solutions, this is an absolute need for opening the payment market and leaving room for new players.
By new players, we also mean the intermediate service providers, that will, as it was the case for SEPA, play a major role in helping the banks overcome the difficulties in becoming PSD2 compliant in time, by providing the necessary interfaces to guarantee an open (but secured!) access to the PISP and AISP.
This will therefore certainly contribute in re-enforcing the trust of customers in electronic payments, and will create a room for new players in the payment world.
What other regulations for the EU space have similar or complementary beneficial impact on cross-border ecommerce (say GDPR, for example)?
Two main points have to be considered here.
First, we have to determine how GDPR will be handled. We are facing a strange situation where PSD2 is clearly pushing for an access to sensitive information such as the bank accounts available funds for a large range of players in the market, and at the same time GDPR is pushing for a stricter private data protection policy.
By publishing the RTS with all related security mechanisms, EBA sends out a positive message being: “It is obvious that the growth of electronic payment acceptance is passing by an unavoidable standardisation, increased competition, and simplified access to information to guarantee the payment execution, but in parallel, the necessary mechanism to protect the data and to prevent the misuse of the information and to gain trust from users in accepting the usage of new payment channels”.
Secondly, from a technical point of view, we have to follow how the SEPA Instant Payment scheme will interact with this PSD2 implementation (although we insist on the fact that this Instant Payment must be considered as a separate track from the PSD2 one). The fast execution of payments in this context is a positive indicator providing additional trust to the online merchants about the guarantees of payments.
Strictly speaking for the merchant side, what is the perfect recipe for an effective consumer-centric omnichannel payment mechanism implementation?
Very simple: globalised view of all payments executed on all channels (POS, mobile, ecommerce, debit, credit, prepaid, in all SEPA area countries), fast execution of payments with guarantees on funds availability, and in a such opened context, ability to ensure the respect of customer’s private information as well as a sufficient level of security in the transaction execution.
This new approach of globalisation and securisation can be perceived as a significant driver to ensure the development of new payment means, such as mobile or ecommerce.
In your opinion, how important is the payments compliance aspect for a merchant selling EU-wide like Carrefour or Inditex and what recent initiatives have been adopted for a more transparent transactional context?
It is obvious for us that standardisation and the associated compliance process in a PSD2 context is a guarantee for EU-wide selling merchants to finally have a global and coherent multichannel acceptance platform for the whole of Europe with all necessary guarantees in terms of interoperability and security. As stated already previously, some documents are popping up to either define the main roadmap to follow in terms of payments processing, or to define the security and confidentiality principles to apply.
However, we are still missing an appointment of a responsible entity in charge of confirming the correct interpretation of the specifications, validating the way it will be implemented and giving the green light to start production operations.
Regulatory-wise, how do you see the evolution of the payments industry in the near future?
As the link between the acceptance platform and a merchant, a processor, a bank is now standardised, the next step will be to define a regulation on the acceptance channels. Lots of initiative are popping up, integrated payment means are coming on the market, but without really detailed specifications or security requirements. Those kind or regulatory aspects should be inspired from what was done with EMV and PCI/PA-DSS.
Additionally, such level of systems’opening is a trigger to:
Finally, the development of such a model integrating PSD2, RTS, GDPR, Instant Payment will sooner or later be the starting point to create an entity in charge of global regulation of the SEPA Payment Framework (personal perception of a possible replacement of the old SEPA Card Framework, with the mission to ensure an harmonised, globalised and secured development of a future SEPA cardless ecosystem.
About Arnaud Sirtaine
Arnaud Sirtaine, founder and managing director of SmartPay Consulting, has nearly 20 years of experience in the field of electronic payments systems. This has allowed him to develop a complete vision of the entire value chain of the electronic payment ecosystem.
About SmartPay Consulting
SmartPay Consulting supports the financial world in today’s dynamic market by providing Services, Solutions and R&D to Banks, Transaction Providers, Payment Schemes and Other Intermediaries.
As an independent initiative, The Banking Scene connects organisations and people to help shape the bank of tomorrow. Make sure you are part of this first edition of The Banking Scene, where you can share your thought leadership with 250-300 others: CIOs, CDOs, Innovation Managers, Strategy Managers, Product and Marketing Managers. We look forward welcoming you on the 30th of May.
The Paypers. All rights reserved. No part of this site can be reproduced
without explicit permission of The Paypers(V2.3).