Electronic payments are the lifeblood of the economy, even more so since COVID-19. Their value is constantly growing, reaching €240 trillion in 2021. They include credit and debit card payments, bank transfers, direct debits, and more innovative types of payments such as mobile payments, contactless payments etc. The Second Payment Services Directive (PSD2), from 2015, is the EU’s legal framework for electronic payments. Due to a number of market developments since then, PSD2 needed an overhaul. Two proposals updating and upgrading PSD2 were adopted by the European Commission on 28 June 2023. This is in line with the Commission’s Retail Payments Strategy of September 2020, and complements a legislative proposal of October 2022 to make instant payments universally available. The PSD2 revision package comprises a number of key new elements compared with PSD2.

New anti-fraud measures

PSD2 introduced Strong Customer Authentication (SCA), i.e. the process in which customers must identify themselves through a (minimum) 2-step authentication, which already contributed to a significant reduction in payments fraud. Unfortunately, fraud is constantly evolving and now social manipulation fraud, whereby fraudsters induce a victim via direct interaction to authorise a payment to an illegitimate account, is becoming more common. The Commission proposed a number of measures to tackle this, including

• A requirement on banks to offer, for all credit transfers in all EU currencies, a system to check concordance of the name of a payee and the bank account number (IBAN) entered, before the transfer is finalised
• An obligation on banks to educate their customers about fraud risks
• Greater ability of banks to cooperate with each other and exchange fraud-related data
• An additional conditional right to a refund for victims of fraud in specific circumstances (non-availability of the IBAN/name checking service; impersonation of bank employees by fraudsters)

Improvements for consumers

Consumer rights and information are reinforced in a number of areas. For example, consumers will be provided with more information in situations when their funds are blocked on a card account (this is commonly done in hotels, car rentals or at petrol stations). Consumers will also be better informed regarding fees for cash withdrawals and transfers sent to outside the EU. Bank statements will be more readable, with compulsory inclusion of trading names of retailers, not just the legal name (which can be less recognisable). In addition, there are measures to boost availability of cash, by allowing shops to distribute cash to consumers without requiring a purchase, and by simplifying the rules for operators of non-bank ATMs. Banks will also be obliged to make SCA more accessible to people with disabilities and others with challenges using SCA, and there are clarifications on when SCA should and should not be applied.

More innovation and competition

The proposals also contain improvements to the functioning of open banking, a growing sector where consumers grant access to their payment account data in return for added value services, such as an overview of accounts with different providers, easier payments, or improved access to credit. The proposals lay down more detailed requirements including on prohibited obstacles regarding open banking data access and clarify the rights and duties of the various players. Banks are also required to offer a ‘dashboard’ enabling their customers to manage the permissions granted to open banking providers. This ties in with another legislative proposal, also adopted by the Commission on 28 June, on financial information data access (wider than just payment accounts information).

There are also significant improvements to the ability of payment institutions to compete with banks, by granting them access to all payment systems and strengthening their rights to a bank account (which they need to safeguard customer funds). Payment institutions, often fintechs, can only offer payment services, not banking services like savings accounts and lending.

Better implementation and enforcement

Divergences between Member States will be ironed out by placing most rules in a regulation which applies directly. The requirements addressed to Member States (on licensing, supervision etc.) are included in a directive. Stronger measures on penalties and enforcement of the rules are also included in the proposals. The next step is for the European Parliament and Council to consider the two Commission proposals.

Read more about the proposals