Tomorrow, the revised EU Directive on Payments (PSD 2) will go live in most EU Member States.
PSD 2 has the ambition to open the payments market to new entrants and facilitate innovation and competition. It will enable this transformation by requiring banks to open their payment infrastructure to third parties such as payment initiation service and account information service providers. As a result, consumers are expected to have greater choice when it comes to managing their finances.
So far, so good. PSD 1 was an EU success when it comes to pan-European financial services legislation. PSD 2 is considered even more ground-breaking than its predecessor and represents one more attempt at EU level to keep pace with the technological developments and security challenges in the field of payments.
As always, the devil is in the detail: some of the Directive’s provisions, as well as certain related technical measures, have been shown to be far from satisfactory for many industry players. Moreover, the pace of technological change in payments is such that the Directive’s approach might be out of date before the revision in 2021.
Providing consumers with both security and convenience
When drafting the so-called regulatory technical standards (RTS) on strong customer authentication (SCA), EU regulators knew they had a difficult job at hand: making electronic payments more secure while ensuring consumers were not discouraged by different authentication steps.
Along the way, the objective of ensuring lower fraud levels and protecting consumers might have surpassed the need to make paying an easy and seamless step when purchasing goods and services. From September 2019 (date to be confirmed), when paying online consumers will have to follow a more secure authentication method requiring two of the following elements: i) password, pin or ID number, ii) a device/payment instrument they own and iii) a fingerprint, face or voice recognition. The few exemptions to this rule are not flexible enough to avoid this process from becoming a burden according to many industry players.
For this trade-off between security and convenience, the battle over these technical standards among EU Institutions and relevant authorities (such as the European Banking Authority) and between the EU and stakeholders from different sectors made the drafting process longer than expected.
The ecommerce sector, which is generally not in the front-line when it comes to lobbying on financial services legislation, reacted to the draft RTS asking in a letter to Commissioner Dombrovskis for better calibrated exemptions to SCA because “any extra click required to confirm a purchase would discourage the consumer from finalizing the purchase”.
Another letter from November 2016, co-signed by industry players from the payments, tech and airline sectors among others, warned that the new requirements would make online shopping much more onerous than it is today and that a too rigid method of authentication could actually make transactions more prone to fraud “as fraudsters are more likely to effectively target rigid rules that do not evolve quickly”.
The final RTS do not address these concerns in full. It will only be in almost two years’ time, when they are expected to come into force, that assessments can begin as to whether these rules work well. New trends in the market might well have emerged by then.
The ban on surcharging
So far retailers have been allowed to impose charges to customers using debit or credit cards to pay for goods and services de facto making these more expensive than they would be if paid for with other means of payment, e.g. cash (a practice called surcharging). The reason is that accepting cards has a cost for retailers and part of this cost was simply passed on to the consumer.
The Interchange Fee Regulation of 2015 imposed a cap on fees that card schemes such as VISA and Mastercard could charge to merchants for the use of certain payment instruments. As a result, the cost of accepting card payments will now be cheaper for retailers.
PSD 2 adjusts to these developments and requires Member States to impose a partial ban on surcharging, giving them the possibility to extend this ban to cover three-party schemes. In other words, from now on retailers will not be allowed to impose the above-mentioned charges to customers that pay with a VISA or a Mastercard, but might be allowed (depending on the Member State) to impose these charges to customers paying with cards not covered by the Interchange Fee Regulation.
As a consequence, the same good or service might have a slightly different cost from one Member State to another according to how consumers pay for it. In fact, while some Member States have decided to extend the ban on surcharging to all card schemes (e.g. the UK and Italy), others have opted only for a partial ban (Germany among others).
It is unclear at present what the reaction of retailers will be to this ban, but it is surely something to watch out for in the next few months and years, as is the consequences for competition of a partial ban on this practice.
The debate around payments has never been so lively, with new players emerging in the market and well-established ones trying to adjust to keep pace with technological changes.
The European Commission is looking at the so-called FinTechs (in the field of payments and other financial services sectors) with particular favour: they are consumer-friendly and provide new retail solutions, while incumbents such as banks fail to evolve because of factors such as concerns over security and the difficulty of changing their processes and technology among others.
New trends are emerging, with some countries (for instance, Sweden is leading the race) taking steps towards become cashless societies.
Drafting pan-European rules that capture all these developments – let alone preparing to meet future ones – has probably never been so difficult.
We will have to just wait and see which trends are here to stay, and which are instead short-lived ideas. EU regulators are probably taking the same approach but, in the meantime, “the show must go on” and the regulatory framework needs to be updated, to the greatest extent possible.