The rise of internet and mobile payments has drastically altered the way people pay for goods and services. This change is not only reflected in an increase in their share of overall payments, but also in the way our habits and preferences have evolved. Banks, payment card companies and intermediaries have responded to these changes by adapting their services. As the market kept on evolving, digitalisation has brought forward opportunities for new competitors to enter the traditionally conservative payment services market, which has also attracted the attention of technology companies.
The patterns of payment changes varied globally, influenced by factors such as the specific country, its level of development and fiscal policies. In Europe, the push for changes came from within the European Union (EU) at the cross-border level. The European Single Market, which aims to ensure the free movement of goods, capital, services and labour (known as the ‘four freedoms’) within the EU, necessitates common rules in many areas. As the movement of capital involves the transfer of funds, there was an increasing need for relevant legislation to cover the scope of the Common Market.
Recognising the transformative power of online payments and the challenges they could pose if left unregulated, the European Commission (EC) decided to take steps to fill the gap between existing laws and new technological advancements in the payments market.
In line with that, PSD1 was introduced in 2007 and was updated in 2015 (PSD2). The main objective was to implement a payments services directive to establish a unified market for payment services by standardising the laws and regulations across member states in the EU. It is important to note that Payment Services Directives only apply to electronic transactions, such as online/mobile banking and payments. They do not cover cash payments or bank checks.
PSD’s Forward-Looking Framework: Revolutionising Payment Service Providers and Users in the EU
The Payment Services Directive (PSD) has greatly influenced the payments sector by unifying the market for payment services within the EU through the implementation of a forward-thinking regulatory framework for Payment Service Providers (PSPs) and users. A notable example of this is the introduction of regulations for Open Banking in Europe. For the first time, consumers were given the legal right to access their bank and FinTech accounts through third parties, allowing them to view financial data and initiate payments with their consent.
Some of the ways in which PSD has revolutionised payments include, among others:
- Increased competition and innovation: PSD helped to increase competition in the payment services industry by allowing non-bank entities, known as Third-Party Providers (TPPs), to access account information and initiate payments, which has led to the emergence of new business models and services. For example, AISP (Account Information Service Provider) and PISP (Payment Initiation Service Provider) are two types of third-party service providers that have been introduced by PSD2 (Payment Services Directive 2) in Europe. The introduction of these two new types of service providers aims to increase competition and innovation in the payments industry and to give customers more control over their payment data.
- Improved security: PSD2 requires Strong Customer Authentication (SCA) for electronic payments, which is a measure to increase the security of electronic payments, and to protect the customers from frauds.
- Greater consumer protection: PSD2 strengthens the rights of consumers in relation to access to account information, including the right to receive account information electronically, and the right to receive information on the costs of payment services.
- Harmonisation of payments across the EU: PSD has helped to create a single market for payment services within the EU by establishing a common regulatory framework for PSPs, which has made it easier for consumers to make cross-border payments and for businesses to offer cross-border payment services.
- Reduced costs: By creating a single market for payment services, PSD has helped to reduce the costs of offering payment services, which has led to lower prices for consumers.
In summary, PSD has played a key role in shaping the payments industry in the EU by creating a more open, secure, and consumer-friendly environment for payment services. It has also helped to drive innovation and competition in the payments industry.
Moreover, PSD gave everyone a standard to look to. SEACEN members took elements of it and propelled their economies forward creating in some cases greater financial inclusion.
Countries subject to PSD2.
The PSD’s Global Reach: Inspiring Payment Regulations Beyond the European Union
The PSD has served as an inspiration for regulatory developments in the payments industry in several countries outside of the EU as well. Several non-EU countries have used the PSD as a model to develop their own payments regulations. Some examples include:
- Australia: The Australian government has adopted a regulatory framework for payment services that is like PSD, with a focus on increasing competition and innovation in the payments industry.
- Singapore: The Monetary Authority of Singapore (MAS) has introduced a regulatory framework for payment services that is comparable to PSD, with a focus on increasing security and consumer protection in the payments industry.
- Canada: The Canadian government has introduced a regulatory framework for payment services that resembles PSD, with a focus on increasing competition and innovation in the payments industry.
- Japan: Japan’s Financial Services Agency has introduced a regulatory framework for payment services that is like PSD, with a focus on increasing security and consumer protection in the payments industry.
- United States: The US has not adopted a single directive, but the Consumer Financial Protection Bureau (CFPB) has issued guidance on the use of third-party service providers, which is like the concept of Third-Party Providers (TPPs) introduced by PSD.
- Brazil: Brazil has adopted a regulatory framework for payment services that has a similar philosophy like PSD, with a focus on increasing competition and innovation in the payments industry.
- Switzerland: The Swiss Financial Market Supervisory Authority (FINMA) has implemented the Payment Services Act, which is also modeled after the PSD.
- New Zealand: The Reserve Bank of New Zealand has implemented the Payment Systems (Regulation) Act, which is modeled after the PSD.
PSD has served as a source of inspiration for numerous nations globally. The regulatory framework established by the PSD has helped to drive global harmonization of payments, by creating a common regulatory framework for payment service providers (PSPs) and Third-Party Providers (TPPs). It has also helped to create a more open, secure, and consumer-friendly environment for payment services.
In terms of PSD global reach, within the SEACEN’s stakeholder space there is willingness to use Open APIs. For example, Bank Negara Malaysia’s Interoperable Credit Transfer Framework in 2019 made way for the use of open APIs which made interoperability more seamless.
PSD: Mission Accomplished or Ongoing?
PSD1 was implemented in 2007 and later updated to PSD2 in 2015. However, seven years later, it has been recognized that an update is necessary to ensure it remains adequate and addresses current developments.
There are several reasons why updates to EU directives, such as the Payment Services Directive (PSD), are necessary. Some of the main reasons include:
Technological advancements: As technology continues to evolve and new payment methods and technologies are developed, the EU updates its regulations to keep up with these changes and to ensure that the market remains competitive and innovative.
Consumer protection: The EU updates its regulations to ensure that consumers are protected from fraud and other risks associated with payment services. This is particularly important as the use of digital payment methods increases and the risk of cybercrime becomes more prevalent.
Harmonisation: As the EU continues to integrate, it is necessary to ensure that regulations are harmonized across member states. It facilitates the formation of a unified marketplace for payment services and enables seamless cross-border transactions for both businesses and consumers.
Security: The EU updates its regulations to ensure that the payments ecosystem is safe and secure. This includes ensuring that customer data and transactions are protected from fraud and other forms of cybercrime, and that the payment infrastructure is resilient against external threats.
Market trends: The EU monitors the market trends and adjusts the regulations accordingly so that a level playing field exist.
As previously mentioned, work is currently underway on PSD3 with the aim of increasing the security of payment services and facilitating the adoption of new technologies, such as open banking and instant payments.
The PSD2 regulates digital payments and open finance within the European Union and European Economic Area (EEA). It is anticipated that the PSD3 will broaden its scope.
To understand potential elements of PSD3, it may be beneficial to examine the topics that were discussed and raised during the consultation phase. These topics may offer hints as to what authorities are considering updating or revising.
Some examples of topics that PSD3 may address include:
- Are the current open banking requirements sufficient?
- Are there alternative options to current Strong Customer Authentication (SCA) methods?
- Should the SCA period be lengthened from 90 days to 180 days to reduce customer inconvenience?
- Should there be changes to the limit for contactless payments?
- Should consumers be informed of applicable currency conversion costs before completing transactions?
- Are the current exceptions under PSD2 still necessary?
- Should the execution timing requirements for one-leg-in transactions be speed up?
- Can the authorization process for payment providers and institutions be simplified?
- Should previously unregulated activities such as crypto payments and Buy-Now-Pay-Later (BNPL) services be regulated?
In line with that, presumably MICA (Markets in Crypto-Assets) Regulation in development could have some impact on PSD3. While MICA is a separate proposal from PSD3, it is likely that it will have some impact on PSD3, as both deal with digital assets and payment services. Briefly, MICA aims to create an EU-wide regulatory framework for crypto-assets and DLT, to ensure that crypto-assets are safe and that they can be used in a transparent and reliable way.
MICA will also help to create a level playing field for crypto-assets and their use in the EU, which will help to promote competition and innovation in the crypto-asset market. In that sense, MICA may impact PSD3 by providing a framework for the use of crypto-assets in payment services so that the use of crypto-assets in payment services is in line with EU regulations. This may include provisions for customer protection and security, as well as measures to prevent fraud and money laundering.
However, it’s important to note that MICA and PSD3 are different from each other, and they have different goals and objectives. While they may overlap in some areas, they are not directly linked, and MICA will not replace PSD3.
To be continued.
 An AISP allows customers to access their account information across different payment accounts, such as bank accounts, credit cards, e-wallets, etc., with the customer’s consent. It allows customers to have a consolidated view of their accounts and transactions in one place. A PISP allows customers to initiate payment transactions directly from their AISP or account servicing payment service provider (ASPSP) with the customer’s consent. This allows customers to make payments from their account without the need to login to their bank account.
 SCA: Customers need to provide two of a possible three independent factors: (1) Something you own: something that only the customer owns, for example, a phone; (2) Something you know: something that only the customer knows, for example, a PIN code; or (3) Something you are: something that characterises only the customer, for example, a fingerprint.
 1. Excluding the Faroe Islands and Greenland; 2. Including the Aland Islands; 3. Including Martinique, Guadeloupe, French Guiana and Réunion, Saint Martin and Saint Barthelemy but excluding St. Pierre et Miquelon, Mayotte, New Caledonia and Dependencies, French Polynesia, French Southern and Antarctic Territories, and the Wallis and Futuna Islands; 4. Excluding Aruba and the Netherlands Antilles; 5. Including Azores and Madeira; 6. Including the Canary Islands, Ceuta and Melilla; 7. Including Gibraltar but excluding the Isle of Man, Guernsey, Jersey, Anguilla, Cayman Islands, Falkland Islands, South Georgia and the South Sandwich Islands, Montserrat, Pitcairn, Saint Helena and Dependencies, British Antarctic Territory, British Indian Ocean Territory, Turks and Caicos Islands and the British Virgin Islands.
 MICA is a proposal for a regulation on crypto-assets and their underlying technology, distributed ledger technology (DLT), which is currently under development by the European Council (EC). The EC published the agreed text for MICA on 5 October 2022. It is expected to be ratified in 2023 Q1 and will come into force 20 days later. Firms in scope will then have 12 or 18 months before they need to comply with the requirements of the regulation.
Ayse Sungur is a Senior Financial Sector Specialist in the Financial Stability, Supervision, and Payments Pillar at the SEACEN Centre.