Comparing PSD2 with PSD3 Regulations Specifics: What to Expect and How to Get PSD3-Ready?
In this article, you’ll discover more about the key changes brought by PSD3, how it differs from PSD2 compliance, and how businesses should prepare for the advent of PSD3.
What is PSD3?
The story of the Payment Service Directive (PSD) began in 2007, when it was released to regulate payment services within the EU. Later, in 2016, PSD2 was introduced and came into force by January 2018. The second edition of the Directive aimed to improve efficiency, security, and consumer protection in the payments landscape.
A few years later, on June 28, 2023, the European Commission (EC) published new legislative proposals for PSD3, an enhanced and updated version of PSD2, and a Payment Services Regulation (PSR) that will regulate all activities of payment service providers (PSPs) across the EU. PSD3, as an EU Directive, must be implemented into the national laws of the EU Member countries. At the same time, PSR, as an EU Regulation, will directly apply across all EU Member countries without any interpretation or adaptation to national laws.
The new regulations could be finalized by 2025 and fully come into force in 2026. Most financial organizations are now undergoing digital transformation, and it makes sense to adapt all current enhancements to the future PSD3 regulations as far as possible.
PSD2 vs. PSD3: The Key Changes
PSD3 represents a substantial upgrade from its predecessor, PSD2. It broadens and builds upon the foundation established by PSD2. The European Commission seeks to introduce new concepts to involve previously overlooked stakeholders.
PSD2 introduced Strong Customer Authentication (SCA) for secure payments. It also encouraged standardized communication interfaces (APIs) for third-party access and enhanced customer rights and competition. PSD3 merges payment and e-money frameworks and allows non-banks to access payment systems. It also refines the Open Banking (OB) framework. In general, PSD3 enhances and strengthens regulations for payment services within the EU, expanding certain areas:
PSD2 vs PSD3 + PSR

| Features | PSD2 | PSD3 |
| --- | --- | --- |
| Scope of regulated entities | Focused on creating a more integrated and efficient European payments market, improving competition by opening the banking sector to new entrants (third-party providers or TPPs), and enhancing consumer protection and security. | Expected to broaden the regulatory scope even further, potentially covering areas not fully addressed by PSD2, like cryptocurrency, blockchain technology, digital currencies, and other emerging innovations. |
| Customer protection | Introduced Strong Customer Authentication (SCA) and secure communication standards to protect consumers against fraud and unauthorized payments. | Aims to introduce stricter requirements for transparency, particularly regarding terms and fees of payment services. Consumers may obtain more substantial rights to dispute resolutions. |
| Security measures | Laid the groundwork for improving digital payment security through SCA and secure open APIs for data sharing between banks and 3rd-party providers. | Might push security measures further by more sophisticated security requirements to combat evolving cyber threats (enhanced data protection standards, more rigorous access controls, mandatory reporting of cybersecurity incidents, etc.) |
| Open Banking & data sharing | Significantly streamlined the use of open banking in Europe, mandating banks to provide access to their customers’ account data (under customer’s consent) to third-party providers. | Can expand the open banking framework with additional data sharing requirements and standardize APIs across a broader spectrum of financial services. |
| Sustainability & social responsibility | No regulations provisioned | Might incorporate elements to address environmental sustainability and social responsibility in the financial sector. It could involve guidelines for sustainable finance practices and the promotion of financial products that support environmental and social goals. |
| Innovation and Competition | Encouraged new players (FinTechs) alongside traditional providers | Aims to foster innovation while maintaining stability. |
The proposed implementation of PSD3 has yet to be confirmed and officially scheduled. As of now, it remains a legislative proposal. Once approved, the implementation timeline will be determined by the relevant authorities. Some existing and upcoming rules are being moved from the PSD Directive to the PSR Regulation, which automatically comes into force in all EU member states when announced.
Due to the complexity of the regulations and their impact on the technology and the business landscape of the banks, it is important to monitor the development of the PSD3 proposal and plan changes accordingly. Monitoring the regulation development and understanding forthcoming challenges will reduce the risks of missing regulatory deadlines.
Opportunities and Considerations for Financial Organizations Facing PSD3
PSD3 aims to create a more consistent regulatory environment by amending and replacing certain parts of PSD2. This standardization will provide banks and other stakeholders with clarity and predictability, streamlining compliance efforts.
The upcoming changes to the legal framework imply both challenges and opportunities for financial institutions. Here are the main aspects to consider:
Level Playing Field
PSD3 addresses the need for a level playing field between non-bank payment providers and traditional banks. It grants payment and e-money institutions the right to access settlement infrastructures across the EU directly. Banks can leverage this access to enhance their services.
OPPORTUNITY: Banks can extend their cooperation with FinTechs, which may lead to a broader market approach. It requires investments in technical infrastructure and organizational changes to use this opportunity for growth.
Enhanced Security and Fraud Prevention
Even with Strong Customer Authentication (SCA) in place, fraud remains a critical concern. In 2023, nearly 60% of banks, credit unions, and FinTechs lost over 500K EUR/USD in direct fraud losses. PSD3 aims to enhance payment security and transparency by adopting validation similar to the “confirmation of payee” used in the UK. This name-checking service ensures the money is sent to the intended recipient. Other improvements include a liability model for cases of authorized push payment (APP) fraud and transaction monitoring to facilitate SCA application.
OPPORTUNITY: Banks can leverage these security enhancements to build trust with customers by providing secure financial transactions. With more investment into security and transaction monitoring forced by PSD3, banks will be able to achieve lower transactional risks and, therefore, lower potential losses due to fraud.
Open Banking Evolution
PSD3 emphasizes enhancing consumer access and usability in open banking. The performance and availability will be improved through detailed API specifications (e.g., permissions dashboard). Banks can benefit from wider data access (under the Financial Data Access (FDA) regulation) and cross-border innovation.
OPPORTUNITY: Banks can integrate account information services into their processes such as credit scoring based on the customer’s payment history or currency account opening. They get opportunities to capture market share through innovating customer-centric solutions, personalization, and a wider range of services.
Steps to PSD3-Readiness
To stay ahead of the curve, banks, financial institutions, and payment processors are advised to explore ways to adapt their systems as soon as PSD3 goes through all the necessary legislative procedures within the member countries.
The steps to PSD3-readiness are the following:
- Compliance: Stay up to date with evolving PSD3 compliance requirements and review current contracts for PSD3 impact assessment. Monitor the process of legislation development and changes to PSD3 and PSR proposals.
- Gap analysis: Assess the current processes, infrastructure, and performance to identify the changes to be made. They may include changes to the business model, collaboration with partners, IT infrastructure, operations, and all other aspects that may be affected by the upcoming regulations.
- Business impact analysis: Assess business opportunities that your organization can get from implementing the regulation. Define the priority use cases and necessary changes to enable them.
- Develop a plan for further improvements with proper tech stack and selected solutions.
- Implement the changes.
- Conduct appropriate testing to ensure the implemented changes function correctly. Some changes, like open banking or other partnering services, should be tested together with the third parties involved.
- Deploy all improvements into the production environment and keep your business aligned with all regulatory updates to address them in a timely manner.
While no final PSD3 and PSR versions have been approved, now is the right time to prepare for the upcoming changes. If your financial business undergoes digital transformation and modernization, it is more than reasonable to align the advancements with the upcoming PSD3/PSR requirements.
Conclusion
The evolution from PSD2 to PSD3 marks significant improvements in regulating payment services across the European Union, covering areas that lacked regulation before (e-money, blockchain, and others). While the new regulations are intended to positively impact the financial industry, adapting to changes and maintaining PSD3 compliance can be stressful and resource-consuming for businesses.
Infopulse helps financial institutions undergo this transition smoothly and effectively. Banking & Finance is one of our primary focus industries, where we have rich experience in architecture modernization, inspection and compliance management, custom development acceleration, cybersecurity, and other related services.
Getting PSD3-ready inevitably involves changes in your current tech solutions, even if they comply with PSD2. And those built around APIs should be properly managed, documented, and standardized. Infopulse engineers are ready to help you get well-prepared for the official PSD3 and PSR release and achieve all advancements without interrupting your operations.