PSD2 is an EU directive that was introduced in 2015 and which relates to financial transactions within the wider European Economic Area and not just the EU. According to the European Payments Council: The objectives of PSD2 are to make payments safer, increase the consumers’ protection, foster innovation and competition while ensuring a level playing field for all players, including new ones. In the UK, PSD2 was implemented in the ‘Payment Services Regulation’ of 2017 which is enforced by the Financial Conduct Authority (FCA). The UK deadline for compliance has been pushed back to March 2021.
PSD2 changes who can access end-user bank account data and how that access is granted. Once given permission by the customer, it will allow vendors, making an online transaction, to access users’ account data, directly, without redirection to a third-party service. PSD2 will also allow registered Account Information Service Providers (AISPs), approved by the FCA, to access account user information and display it in one place, allowing users of systems like Xero and QuickBooks to see all their financial data in one convenient location.
A key element of PSD2 is SCA (Strong Customer Authentication), which consists of three different forms of identification: knowledge, possession, and inherence. Knowledge would be either a password or pin, possession, a physical object, such as a card and inherence, a fingerprint or voice recognition. Normally, two of these forms of identification will be required, but for remote transactions, an authentication code may also be required. Some industry figures predict that as many as 25-30% of e-commerce transactions could be declined in the weeks following the switch to full SCA. Payment service providers may also need to use phone calls, text messages, card readers or banking apps to verify customer identity.
Despite the initial problems that this additional security may cause there is no doubt that, in the face of burgeoning cyber-crime, these new levels of customer security are necessary corrective. Criminals stole £1.2 billion through fraud and scams in 2018 and a recent survey revealed that 43% of customers are concerned about the threat of online fraud to their business. Whilst the majority of private business account holders won’t need to take any action to keep their bank feeds operable, not all financial tools and services, currently available, are PSD2 compliant. Some TPP finance applications, such as Yodlee, will stop working and systems such as QuickBooks and Xero won’t be able to access necessary data. Businesses need to switch credit card providers to one which does not use Yodlee, such as Soldo, which can integrate with software like Xero and will allow straightforward bank feeds in software like Expensify.
Cash flow is one of the biggest causes of insolvency among SMEs in the UK, PSD2 should bring with it much greater transparency and immediacy to financial transactions, reducing dramatically time wasted chasing payments. The legislation will also drive innovation in digital banking and make cloud-based accounting software essential to all businesses.
