PSD2: what are the new European directives for payment solutions?
The Revised Payment Services Directive (PSD2), which was adopted in 2015 and applies as of September 2019, is meant to harmonize regulations in the payment market. It replaces the PSD1 created in 2007 and integrates new players and technologies.
The main measures of this directive are as follows:
- Additional charges for debit and credit card payments, both in shops and online, are banned
- Refund right for direct debits in euro is unconditional (except in cases of fraud and gross negligence) and consumers’ liability for unauthorised payments is reduced
- The maximum amount a consumer can be obliged to pay in case of an unauthorized payment transaction will be decreased from EUR 150 (DSP1) to EUR 50
- Payment initiation service providers (PISPs) and account information service providers (AISPs) are granted access to their users’ banking information by consent through a secure communication channel
- Strong authentication is mandatory for payments over EUR 30
Strong authentication is required when connecting to your bank’s portal or to a software that can create payments, such as Iziago. It is also required if you want to make an online payment or modify sensitive data. You will need to provide two of the following three authentication factors:
- Something you know (password, PIN code, secret code, etc.)
- Something you own (cell phone, smart card, security card, etc.)
- Something you are (facial or voice recognition, fingerprint, etc.)
The Iziago software provides strong authentication for all types of sensitive operations (login, payments, etc.) by combining the following two factors: access name/password and authentication grid/security card.
The law provides for a few exemptions where strong authentication is not required:
- Transactions under EUR 30
- Recurring transactions with a fixed amount
- Operations towards trusted beneficiaries which were whitelisted
- MOTO (Mail Order and Telephone Orders) transactions
- Inter-regional transactions where the issuer or the acquirer of the card are not based in Europe
- B2B transactions with a company bank card