PSD3 and PSR: what you need to know

The aim of Directive (EU) 2015/2366 on payment services in the internal market (“PSD2”), which came into force in January 2018, was to create a harmonised European market by strengthening the security of online payments while fostering innovation through competition between payment players.  PSD2 is considered as a true revolution in the European regulation for payment services and electronic money, but it nevertheless needs to be modified and modernised to mitigate risks and adapt to new developments and market growth. The European Commission has therefore presented new proposals to strengthen consumer protection and stimulate innovation.

These proposals directly affect marketplaces to continue delivering a smooth and secure payment experience. Get an overview of the 3rd Payment Services Directive (“PSD3”) and the new Payment Services Regulation (“PSR”) in this article.

PSD3 and PSR: what’s it all about?

The proposals for the third European Payment Services Directive (“PSD3”) and Payment Services Regulation (“PSR”) were published on June 28, 2023. These two pieces of legislation should shape the next phase of Open Banking – the sharing of banking data with fintechs in particular – and aim to correct the weaknesses of PSD2. Through PSD3 and PSR, the European Commission aims to “bring payments and the wider financial sector into the digital age.” The European Commission’s proposals are a response to the boom in electronic payments, new digital players, and the increased risk of fraud associated with technological progress.

Main new features of PSD3 and PSR

PSD2 initiated Open Banking, allowing third-party payment service providers access to customer banking data to foster innovation and competition. Since then, the payment services market has significantly evolved, and the number of electronic payments has increased (reaching a value of 240,000 billion euros in 2021, compared with 184,200 in 2017). This intensification – which is also the result of the Covid-19 pandemic – is accompanied by new providers who have entered the market by exploiting these open banking services. In tandem with these developments, various fraud techniques have emerged in recent years. Increasingly sophisticated, they justify the need for regulatory changes.

See also: PSD2 for marketplaces: how does it work?

Through PSD3 and PSR, the European Commission aims to modernise payment services, enhance consumer protection, and boost competition in electronic payments while strengthening trust and security in the face of new threats. At the heart of the discussions are securing data sharing to benefit from a broader range of services, improving the payment experience, and reducing the risks of fraud due to the digital transformation. The two texts include the following elements:

• Improving Open Banking: by requiring banks to share more information with Payment Service Providers (PSPs) and enhancing Open Banking infrastructures to remove the remaining barriers to providing open banking services, and thus facilitate the market entry of new innovative services.
• Fighting payment fraud: PSD3 aims to improve the fight against illicit transactions by enabling PSPs to share all fraud-related information. It also aims to strengthen identity verification for payment service users through authentication and data reconciliation rules in the context of bank transfers. This implies risk education and greater reimbursement flexibility in the event of fraud.
• Protecting payment service users’ rights, mainly when funds are temporarily blocked for reasons beyond their control. PSPs will be responsible for improving the transparency of account statements, and all available customer data must be accessible to them.
• Leveling the playing field between banks [credit license] and non-banks [E-Money and payment institution licenses] by improving (direct or indirect) access to EU payment systems and bank accounts for non-banking PSPs, with appropriate guarantees.
• Providing greater coordination and enforcement: adopting most payment rules in a directly applicable regulation (unlike the directive) and consolidating provisions on enforcement and penalties.
• Giving the possibility (but not the obligation) for users to share their data with data users (e.g., financial institutions or financial technology companies) to obtain new and innovative financial services tailored to market needs.
• Forcing user data holders (e.g., financial institutions) to make it available to data users, subject to user authorisation and by establishing the necessary technical infrastructures (APIs).
• Allowing customers to have complete insight and control (via dashboards) of the access authorisation for their data granted to third parties and the purposes for which it is used, in compliance with the General Data Protection Regulation (GDPR), to ensure enhanced personal data protection.
• Standardising customer data and technical interfaces required for financial data sharing systems, with data holders and users becoming members.
• Clarifying the responsibility of each payment actor in the event of data breaches and dispute resolution mechanisms.
• Providing an additional incentive for data holders to implement high-quality interfaces in return for “reasonable financial compensation.” In addition, data users will have read access to the data but cannot carry out transactions on behalf of users.

Marketplaces: how to adapt and comply with the new regulations?

As soon as a marketplace collects funds from payers and remits them to merchants, its activity is assimilated to the “provision of payment services” and is therefore directly concerned by PSD2 and soon PSD3 and PSR.

To comply with national and European legislation, marketplaces can obtain approval from their national authorities (like the ACPR for France or the BaFin for Germany), apply for an exemption from approval, or use the services of a payment service provider (PSP). The latter is the preferred solution in most cases. The PSP, itself approved by its national authority, mandates the marketplace to collect funds on behalf of third parties and provides a management interface.

As a licensed pan-European payment service provider, Lemonway handles the technical and regulatory aspects of facilitating the management of financial transactions on marketplaces in compliance with national and European regulations, so that marketplaces can remain focused on their core business. Would you like to find out more? Please contact us.