The Payment Services Directive 2 (PSD2), which came into effect in January 2021, was launched to increase competition and innovation within the European banking industry in order to improve the banking experience for the end customer. However, PSD2 will place new demands on the underlying technology architectures of banks. In this article, we look at the new directives under PSD2 and how banks can be compliant by leveraging Temenos.

What is the PSD2 regulation?

PSD2 or Payment Services Directive 2 is the revised version of the EU directive PSD1 that was implemented back in 2007. PSD2 was introduced to provide a single market for making payments in the European Union (EU). Once the open banking system became popular in the European market, small businesses and consumers started to engage with new fintech companies and applications. Since the number of new players increased rapidly, the EU recognized they needed to update PSD1. Thus, PSD2 was implemented with an intention to provide a common platform for competitors, improve protection of consumer information, make online payments safer for customers, and address payment fraud.

PSD2 builds on the previous version of PSD, incorporating the following changes:

1. ‘One leg out’ transactions: This refers to those transactions where one of the PSPs (payer or the payee) is based outside of the EU. PSD2 ensures that financial service providers in the EU shall provide information and transparency on the costs and conditions of international payments, at least in respect of their part of the transaction. These financial institutions can also be held liable for their part of the payment transaction if something goes wrong that is attributable to them. These transactions were out of scope in PSD1.

2. Access to accounts (XS2A): PSD2 introduces Access to Account (XS2A) to enable open banking. XS2A allows customers to use the services of third-party providers to access account information or initiate transactions on their behalf with the customer’s consent. Under this regulation, the banks maintaining customer payment account information are compelled to give third-party providers (TPPs) secure access to customers’ banking information but only after getting the customers’ permission.

3. Preventing payment surcharges: PSD2 has banned “surcharging” for consumer card payments including debit and credit cards, for both online and in-shop payments. This has helped lower charges for consumers. Previously, surcharges were applied on card payments.

4. Increased security for online payments: PSD2 states that financial institutions that hold payment accounts will need to secure online payments initiated by European consumers with two-factor authentication (2FA). Consumers will be asked to confirm payments by entering a secret one-time password (OTP) received by SMS or a code generated by a smartphone app or with a biometric identifier like a fingerprint or facial recognition. The financial institutions must inform the consumers about the elements needed to confirm the payment. This helps to improve the protection of consumer information and provide strong customer authentication.

Three ways banks are responding to PSD2

Level 1 – Being Compliant

In compliance with the law, banks provide access to account and payment data to third parties via both APIs and ISO messages. They fulfil transparency requirements by providing the required payment information to the payer, both before and after the transaction. They support ‘one leg out’ transactions where one PSP is outside of the EU, and support the security and authentication standards as per PSD2.

Level 2 – Monetizing Access

Banks are providing access to additional data and insight beyond what is stipulated by PSD2 and are charging for it, creating a new revenue stream, e.g., non-payment account data for loans, direct debit mandates, mortgages, etc. Banks following a Level 2 PSD2 strategy can optionally create API marketplaces where API providers can publish open APIs that can be accessed and consumed by third parties.

Level 3 – Become an AISP or PSP

Banks become either an account information provider (AISP) or a payments initiation service provider (PSP), using insights from their own and third-party sources to provide additional value-added services to their customers. In addition to providing financial services, banks are taking on new roles like becoming access facilitators or distributors of third-party products and services to their own customers. The availability and transparency of information from third parties, in addition to the vast customer data the banks hold themselves, will enable banks to use the power of predictive analytics to precisely differentiate their offers versus non-traditional competition.

PSD2 related solution provided using Temenos

Temenos provides a fully integrated front-to-back API-based solution architecture. The Temenos solution architecture will help banks to not only comply with PSD2, but also to implement a strong API-based framework that will help to capitalize on the investment required for the regulation.
Temenos Core Banking provides complete end-to-end processing capabilities across retail, private and corporate banking using common core components. The Temenos PSD2 APIs enable aggregation of account balances and account movements onto the front-office components, allowing customers to view their accounts, balances and transaction summary via the Temenos Channels. This aggregated data is used throughout the Temenos stack, including Temenos Analytics and Temenos Risk & Compliance solutions, to generate a 360-degree view of the customer or enable real-time marketing campaign management capability, insights on product profitability, etc.

A Realtime Success Story

This is how Aspire helped a leading bank in the UK & Bermuda leverage Temenos to improve performance and be PSD2 compliant.
Aspire upgraded the client’s application using the latest Temenos digital products. We made it possible by performing the following:

  • Enhanced authentication as per PSD2 requirements from the European Union.
  • Enabled additional features for higher usability.
  • Reduced time-consumption and increased efficiency.

Read the full case study here to know how we enhanced performance, compliance, and customer experience for a leading bank.