The EU takes stock of whether PSD2 is a success

The second payment services directive, which took effect in 2018, was designed to open up banking, cut fees on card transactions and reduce fraud. How well has it worked?
European Union flags in front of the Berlaymont building (European commission) in Brussels, Belgium.

It is more than four years since payments in Europe underwent a revolution. In 2018, the regulations of Europe’s Payment Services Directive 2 (PSD2) came into force across the EU, then including the UK.

PSD2 ushered in a new era of open banking, giving consumers more control over how they managed their payments and bank accounts, and opening competition to new players in the banking and finance sector. It forced banks to allow competitors access to their customer data, making it easier for consumers to switch to a bank offering them a better deal.

The regulations also introduced new security measures intended to make online payments safer. These included two-factor strong customer authentication (SCA) for certain electronic payment transactions and for accessing accounts online. It required consumers to identify themselves in two different ways when making a payment, such as typing a password, entering a code on a smartphone or confirming a payment using a fingerprint.

PSD2 also introduced a ban on shops and online retailers from adding additional surcharges for payments made with credit and debit cards.

Assessing the effectiveness of PSD2

So has the new regime worked? To find out, the European Commission started a series of consultations this summer to review the effectiveness of the PSD2 regulations and determine the extent to which its objectives had been achieved. If further changes or clarifications are required, this might lead to a third directive at some point.

Mairead McGuinness, the financial services commissioner, declared the 12-week review open in mid-May. She said that, since the enactment of PSD2, “a wide array of new players – in particular, technical service providers – have become key actors in the payments ecosystem. And they are not all effectively supervised. With the increase of digitalisation and ecommerce, social engineering and scams pose a growing threat to payment security and consumer confidence. As new types of fraud emerge, we must be ready to improve both detection and prevention measures.”

A wide array of new players, in particular technical service providers, have become key actors in the payments ecosystem. And they are not all effectively supervised

Hundreds of stakeholders – including trade associations, businesses (not only in the payments sector) and individuals – have responded to the consultations.

One of them, the European Banking Authority (EBA), believes that the benefits of PSD2 are starting to materialise. 

“The security requirements – in particular, SCA – are having the desired effect of reducing fraud,” it wrote in its submission. The EBA has found that the share of fraud by value is three times higher for payments authenticated without SCA compared with payments authenticated with SCA.

Is new regulation a barrier to financial inclusion?

But not everyone is convinced that SCA is the right way to do this. Denmark’s financial affairs minister, Simon Kollerup, says that, while SCA has led to a significant decrease in fraud cases, it can cause inconvenience for users and may create “a lack of financial inclusion for vulnerable and non-tech savvy citizens”.

The European Security Transport Association (Esta) represents companies in the European cash management industry. It also expressed concerns over financial inclusion in its response to the consultation, calling on the commission to ensure that cash payments are included in any new directive (they are excluded from PSD2). 

“Consumers must have a right to pay in cash”, while “retailers must have an obligation to accept payments in cash,” Esta said. It added that the “war on cash” had advanced by seven years during the pandemic, largely because authorities had been making unsubstantiated claims about the risk of contamination through cash transactions.

PSD2 bans merchants from imposing surcharges for the use of credit cards. There are concerns in some quarters about the impact of this move. 

For instance, Germany’s Federal Cartel Office argues that, while the interchange fees that banks charge merchants for using cards have fallen, the payment scheme fees charged by the likes of Visa and Mastercard have increased and have been passed through to consumers through higher prices. It says that consumers using relatively inexpensive payment methods have ended up “cross-financing the more expensive methods”.

How travel sector is struggling to adapt

The travel sector in particular has faced problems operating under PSD2. For example, it’s been hard for operators to handle bookings for services such as hotel accommodation where the traveller doesn’t show up and has no incentive to provide further authentication to cover the cost of the booking. 

There has also been confusion regarding bookings made on company credit cards and so-called lodged cards, where companies require their employees to use a single company card number that has been ‘lodged’ with their travel agent when booking business trips. Such transactions are exempt from SCA but there is no ban on card surcharges unlike for consumer transactions.

However for companies requiring employees to use their own cards rather than corporate ones, these exemptions do not apply. In these cases, there are difficulties handling bookings for services such as hotels and car rental where payment is only made when the travel happens rather than at booking. 

Some airlines have also been using incorrect assumptions – for instance, that payments made using American Express cards are exempt from the requirements of PSD2 because Amex is based outside the EU.

Travel technology organisation EU Travel Tech has called on the commission to provide further clarification of surcharge requirements so that they are applied more consistently and fairly across member states.

Digital Europe, a trade association for digital industries, has called for certain exemptions from PSD2 – most notably, charging terminals for electric vehicles, in order to hasten the move away from petrol and diesel.

What’s next for open banking?

The open banking revolution promised by PSD2 has come to fruition, at least in part. Competition has increased in the payments sector, with more than 2,700 new payment institutions and electronic money institutions registered since the directive took effect.W

The European Banking Federation (EBF) believes that overall, PSD2 has contributed to increasing levels of innovation, competition and security and that concepts such as SCA have been “positive developments”.

However, in its response the EBF said it might be too early to comprehensively gauge the impact PSD2 has had on the market. Further change should keep “regulatory consistency as a core principle”, it said. The EBF also believes that a review of PSD should look beyond open banking into open finance, which would extend regulation to cover pensions, insurance and investments.

McGuinness sees this as a potential route for new regulation. When she announced the review, she said: “Open finance has the potential to spark new, innovative products personalised to individual consumers – while those consumers keep control over their data.”

The payments sector has also moved fast. One of the big questions is whether Europe will bring in new regulations for innovative payment types, such as crypto transactions, digital wallet services and buy-now-pay-later (BNPL) schemes. The combined value of BNPL transactions worldwide jumped from £29bn in 2019 to £103bn in 2021. But the number of consumer complaints about BNPL in the UK has risen sharply.

Further innovation in the payments space seems inevitable. Europe’s regulators will have to move sharply to ensure that there’s a level playing field for newcomers and legacy businesses, while protecting the consumers who use them.