Comparing PSD2 with PSD3 Regulations Specifics: What to Expect and How to Get PSD3-Ready?
- Banking & Fintech
- Cybersecurity
- Data & Analytics
- Innovations
- Digital Transformation
- Digital Experience
In this article, you’ll discover more about the key changes brought by PSD3, differences to PSD2 compliance, and how businesses should prepare for the advent of PSD3.
What is PSD3?
The story of the Payment Service Directive (PSD) began in 2007, when it was released to regulate payment services within the EU. Later, in 2016, PSD2 was introduced and came into force by January 2018. The second edition of the Directive aimed to improve efficiency, security, and consumer protection in the payments landscape.
A few years later, on June 28, 2023, the European Commission (EC) published new legislative proposals for PSD3, an enhanced and updated version of PSD2, and a Payment Services Regulation (PSR) that will regulate all activities of payment service providers (PSPs) across the EU. PSD3, as an EU Directive, must be implemented into the national laws of the EU Member countries. At the same time, PSR, as an EU Regulation, will directly apply across all EU Member countries without any interpretation or adapting to national laws.
The new regulations could be finalized by 2025 and fully come into force in 2026. Most financial organizations are now undergoing digital transformation, and it makes sense to adapt all current enhancements to the future PSD3 regulations as far as possible.
PSD2 vs. PSD3: The Key Changes
PSD3 represents a substantial upgrade from its predecessor, PSD2. It broadens and builds upon the foundation established by PSD2. The European Commission seeks to introduce new concepts to involve previously overlooked stakeholders.
PSD2 introduced Strong Customer Authentication (SCA) for secure payments. It also encouraged standardized communication interfaces (APIs) for third-party access and enhanced customer rights and competition. PSD3 merges payment and e-money frameworks and allows non-banks to access payment systems. It also refines the Open Banking (OB) framework. In general, PSD3 enhances and strengthens regulations for payment services within the EU, expanding certain areas:
PSD2 vs PSD3 + PSR
FEATURES
PSD2
PSD3
Scope of regulated entities
Focused on creating a more integrated and efficient European payments market, improving competition by opening the banking sector to new entrants (third-party providers or TPPs), and enhancing consumer protection and security.
Expected to broaden the regulatory scope even further, potentially covering areas not fully addressed by PSD2, like cryptocurrency, blockchain technology, digital currencies, and other emerging innovations.
Customer protection
Introduced Strong Customer Authentication (SCA) and secure communication standards to protect consumers against fraud and unauthorized payments.
Aims to introduce stricter requirements for transparency, particularly regarding terms and fees of payment services. Consumers may obtain more substantial rights to dispute resolutions.
Security measures
Laid the groundwork for improving digital payment security through SCA and secure open APIs for data sharing between banks and 3rd-party providers.
Might push security measures further by more sophisticated security requirements to combat evolving cyber threats (enhanced data protection standards, more rigorous access controls, mandatory reporting of cybersecurity incidents, etc.)
Open Banking & data sharing
Significantly streamlined the use of open banking in Europe, mandating banks to provide access to their customers’ account data (under customer’s consent) to third-party providers.
Can expand the open banking framework with additional data sharing requirements and standardize APIs across a broader spectrum of financial services.
Sustainability & social responsibility
No regulations provisioned
Might incorporate elements to address environmental sustainability and social responsibility in the financial sector. It could involve guidelines for sustainable finance practices and the promotion of financial products that support environmental and social goals.
Innovation and Competition
Encouraged new players (FinTechs) alongside traditional providers
Aims to foster innovation while maintaining stability.
The proposed implementation of PSD3 has yet to be confirmed and officially scheduled. As of now, it remains a legislative proposal. Once approved, the implementation timeline will be determined by the relevant authorities. Some existing and upcoming regulations are moved from the PSD directive to the PSR regulation which automatically comes into force in all EU member states when announced.
Due to the complexity of the regulations and their impact on the technology and the business landscape of the banks, it is important to monitor the development of the PSD3 proposal and plan changes accordingly. Monitoring the regulation development and understanding forthcoming challenges will reduce the risks of missing regulatory deadlines.
Opportunities and Considerations for Financial Organizations Facing PSD3
PSD3 aims to create a more consistent regulatory environment by amending and replacing certain parts of PSD2. This standardization will provide banks and other stakeholders with clarity and predictability, streamlining compliance efforts.
The upcoming changes to the legal framework imply both challenges and opportunities for financial institutions. Here are the main aspects to consider:
Level Playing Field
PSD3 addresses the need for a level playing field between non-bank payment providers and traditional banks. It grants payment and e-money institutions the right to access settlement infrastructures across the EU directly. Banks can leverage this access to enhance their services.
OPPORTUNITY: Banks can extend their cooperation with FinTechs, which may lead to a broader market approach. It requires investments in technical infrastructure and organizational changes to use this opportunity for growth.
Enhanced Security and Fraud Prevention
With Strong Customer Authentication (SCA) in action, fraud remains a critical concern. In 2023, nearly 60% of banks, credit unions, and FinTechs lost over 500K EUR/USD in direct fraud losses. PSD3 is aimed to enhance payment security and transparency by adopting validation similar to the “confirmation of payee” used in the UK. This name-checking service assures the money is sent to the intended recipient. Other improvements include a liability model for cases of authorized push payment (APP) fraud and transaction monitoring to facilitate SCA application.
OPPORTUNITY: Banks can leverage these security enhancements to build trust with customers by providing secure financial transactions. With more investment into security and transaction monitoring forced by PSD3, banks will be able to achieve lower transactional risks and therefore, potential losses due to fraud.
Open Banking Evolution
PSD3 emphasizes enhancing consumer access and usability in open banking. The performance and availability will be improved through detailed API specifications (e.g., permissions dashboard). Banks can benefit from wider data access (under the Financial Data Access (FDA) regulation) and cross-border innovation.
OPPORTUNITY: Banks can integrate account information services into their processes such as credit scoring based on the customer’s payment history or currency account opening. They get opportunities to capture market share through innovating customer-centric solutions, personalization, and a wider range of services. Read more about the role of APIs in extending banking capabilities.
Steps to PSD3-Readiness
To stay ahead of the curve, banks, financial institutions, and payment processors are advised to explore ways to adapt their systems as soon as the PSD3 goes through all the necessary legislative procedures within the member countries.
The steps to PSD3-readiness are the following:
- Compliance: Stay up to date with evolving PSD3 compliance requirements and review current contracts for PSD3 impact assessment. Monitor the process of legislation development and changes to PSD3 and PSR proposals.
- Gap analysis: Assess the current processes, infrastructure, and performance to identify the changes to be done. They may include changes to the business model, collaboration with partners, IT infrastructure, operations, and all other aspects that may be affected by the upcoming regulations.
- Business impact analysis: Assess business opportunities that your organization can get from implementing the regulation. Define the priority use cases and necessary changes to enable them.
- Develop a plan for further improvements with proper tech stack and selected solutions.
- Implement the changes.
- Conduct appropriate testing to ensure the implemented changes function correctly. Some changes like open banking or other partnering services, should be tested together with the third parties involved.
- Deploy all improvements into the production environment and keep your business aligned with all regulatory updates to address them timely.
While no final PSD3 and PSR versions have been approved, now is the right time to prepare for the upcoming changes. If your financial business undergoes digital transformation and modernization, it is more than reasonable to align the advancements with the upcoming PSD3/PSR requirements.
Conclusion
The evolution from PSD2 to PSD3 marks significant improvements in regulating payment services across the European Union, covering areas that lacked regulation before (e-money, blockchain, and others). While new regulations are aimed to positively impact the financial industry, adapting to changes and maintaining PSD3 compliance can be stressful and resource-consuming for business.
Infopulse helps financial institutions to undergo this transition smoothly and effectively. Banking & Finances are one of our primary focus industries, where we have rich experience in architecture modernization, inspection and compliance management, custom development acceleration, cybersecurity, and other related services.
Getting PSD3-ready inevitably involves changes in your current tech solutions, even if they comply with PSD2. And those built around APIs, should be properly managed, documented, and standardized. Infopulse engineers are ready to help you get well-prepared for the official PSD3 and PSR release and achieve all advancements without interrupting your operations.
![Data Analytics Use Cases in Banking [thumbnail]](/uploads/media/thumbnail-280x222-data-platform-for-banking.webp)
![Mobile Banking Trends [Thumbnail]](/uploads/media/thumbnail-280x222-mind-your-app-why-reinventing-mobile-banking-really-matters.webp)
![AI and RPA Integration for Banking [Thumbnail]](/uploads/media/thumbnail-280x222-ai-and-rpa-integration-for-banking-possibilities-of-intelligent-automation.webp)
![API as a Product in Banking [thumbnail]](/uploads/media/thumbnail-280x222-business-opportunities-of-api-products-in-banking-and-finance.webp)
![Overview of Connected Banking and its Benefits [thumbnail]](/uploads/media/what-is-connected-banking-its-promises-and-benefits-280x222.webp)
![API Strategy for Banking [thumbnail]](/uploads/media/whys-and-hows-of-api-strategy-for-banking-280x222.webp)
![Open Finance vs Open banking [thumbnail]](/uploads/media/how-open-finance-extends-capabilities-of-open-banking-280x222.webp)
