The European Commission’s (EC) initiative to update the Payment Services Directive (PSD2) to PSD3 is set to change the banking and payments sector significantly. Proposed regulations aim to provide a secure and reliable framework for electronic payments and financial transactions within the European Union (EU), locally or across national borders. The measures are designed to enhance consumer protection and facilitate seamless digital transactions throughout the EU. While the primary focus is on the European market, the cross-border aspect may have broader implications – including US companies that operate globally.
These changes will directly impact compliance, fraud prevention, and customer interactions for most businesses. Here’s what companies should be preparing for as PSD3 takes shape.
Why is PSD2 Changing?
Introduced in 2015, PSD2 reshaped digital payments and security, but the rapid evolution of fintech and fraud tactics means it’s due for an upgrade. The EC’s periodic review has highlighted several areas where regulations need to catch up with technological advances. PSD3 aims to address gaps in security, especially as digital payments grow more complex, including evolving fraud detection and prevention methods.
Like its predecessor, PSD3 will refine regulations around Strong Customer Authentication (SCA) and open banking to enhance security and simplify consumer transactions. One key focus of PSD3 is on open finance, which aims to improve data sharing between banks, tax authorities and payment processors, promoting greater transparency in financial interactions. This regulatory update focuses exclusively on electronic transactions, excluding cash payments and checks, further cementing its relevance in today’s digital financial ecosystem.
For companies, this means anticipating tighter regulations on how customer data is shared and secured and how payments are authenticated. PSD3 will emphasize compliance across electronic transactions, requiring robust systems to protect against evolving fraud risks.
How PDS3 Will Affect Fraud Prevention
A major component of PSD3 will focus on enhancing fraud prevention mechanisms beyond what PSD2 introduced, including:
- Enhanced Open Banking Standards: Under PSD3, businesses that rely on open banking will face stricter data-sharing requirements. For those managing sensitive customer data, this means investing in more sophisticated fraud prevention tools that can secure third-party access to bank information. Fraud detection strategies must be adaptive to these new compliance requirements.
- Strengthened Strong Customer Authentication (SCA): PSD2’s introduction of SCA was a game changer in securing payments, but PSD3 may require additional measures. Expect to implement enhanced SCA options with more extended authentication periods and robust methods to balance security with user experience. Fraud prevention tools must be able to integrate seamlessly with these methods, ensuring frictionless yet secure transactions.
- Broader Scope to Emerging Payment Types: PSD3 may extend regulation to newer forms of payments, such as Buy Now, Pay Later (BNPL) services and cryptocurrency. This will require businesses offering these services to integrate comprehensive fraud protection systems that can handle high-risk, high-frequency transactions.
Preparing for PSD3 Compliance: Fraud and Risk Mitigation
Financial institutions will be required to comply once PSD3 has been finalized, passed into law, and given a transposition deadline. While PSD2 took approximately five years to be fully implemented, PSD3 may follow a similar timeline, with the possibility of an accelerated process due to the fast-changing nature of the payment landscape.
Businesses should proactively assess their systems and processes to ensure readiness for PSD3’s changes. To proactively prepare, three key areas to evaluate include:
1. Data Sharing and Fraud Risk Management: Companies should audit their data-sharing practices to ensure compliance with the enhanced open banking requirements. Leveraging advanced digital footprint analysis and device intelligence can help identify suspicious behavior early and prevent fraud from happening at key touchpoints, such as account registration and payment authorization.
2. Adaptable Fraud Prevention Solutions: PSD3’s fraud focus requires companies to use adaptable fraud detection systems that balance security, convenience and speed. Businesses should invest in solutions capable of handling known threats and evolving fraud tactics, especially those involving synthetic identities and phishing schemes.
3. Regular Compliance Audits and Integration: To meet the evolving PSD3 requirements, businesses must regularly audit their compliance frameworks. This includes fraud prevention solutions that offer scalability and low-latency integration, ensuring they can adapt to increased regulatory pressure without sacrificing performance.
How Will PSD3 Help Fight Fraud?
PSD3 aims to build on PSD2’s foundations to create a more secure ecosystem, particularly in areas vulnerable to fraud, such as contactless payments and digital wallets. Its multi-factor authentication (MFA) approach will be reinforced, and new regulations may include IBAN name verification and open finance data-sharing requirements, helping to protect against prevalent issues like authorized push payment fraud, account takeovers and fraudulent transactions.The directive’s focus on improving transparency and data-sharing standards means businesses must remain vigilant about who can access customer data and ensure all third-party access is secure. Fraud prevention tools like SEON’s, which provide robust identity verification and real-time transaction monitoring, will be critical in ensuring compliance while mitigating risk.
Partner with SEON to reduce fraud with real-time data enrichment, clearbox machine learning, and advanced APIs – while staying compliant.
Ask an Expert
Proactive Preparation: Ensuring Compliance and Security
To stay ahead of PSD3’s implementation, businesses must adopt a proactive approach covering compliance and fraud prevention. Although PSD3 may take several years to roll out fully, companies should begin preparing by investing in advanced fraud detection technologies, conducting regular audits and keeping abreast of legislative changes.
Meeting the new requirements will require businesses to implement effective customer assessment strategies that accurately differentiate between legitimate and fraudulent activities. This may involve analyzing key data points such as location, device, behavioral patterns and transaction histories. A critical approach is identifying suspicious activity early in the customer journey – ideally during login – rather than waiting until a transaction or payment has already occurred.
Advanced technologies like AI-driven, risk-based decision-making and machine learning will be vital in defining “normal” customer behavior and detecting unusual patterns that could indicate fraud. By incorporating these solutions now, businesses will be better equipped to adapt quickly and ensure compliance with PSD3’s evolving standards. Those who act now will be well-positioned to thrive as PSD3 reshapes the payments landscape.
You might also be interested in:
- SEON: What Is Transaction Monitoring in AML & How to Set It Up
- SEON: How Advanced Technology is Driving Authorized Push Payment Fraud
FAQ
It is still early days. Legislation is expected to be drafted by the European Commission in Q1 or Q2 of 2023, then passed, and then each EU/EEA country will be given a deadline to transpose it into national law. Ultimately, PSD3 is unlikely to be in effect before 2026 or even later.
They is a way to encourage and empower healthy competition, including between banks and other financial institutions, as well as protect consumers and companies – all according to the European Commission.
Sources
Europa.EU: Payment services – review of EU rules
European Banking Authority: EBA replies to European Commission’s call for advice on the review of the Payment Services Directive
