PSD2's now more complicated, but it still stops fraud
It may not be top-of-mind given the coronavirus, but the deadline for PSD2 compliance is approaching.
The Payment Service Directive 2 is a European regulation that will usher in the next phase of anti-fraud measures for the payments industry. PSD2 is expected to increase security for online transactions and encourage more competition through open banking.
As many know, open banking allows the networking of accounts and data across institutions for use by consumers, financial institutions and third-party service providers. As it relates to PSD2, all financial institutions must “open” their customer information and payment networks to PSPs and a relatively new, but related, industry, third-party payment providers (TPPs), which are expected to drive payment innovation and competition.
With advanced identity attacks on the rise it’s critical that the PSD2 directive and open banking mechanisms are supported by strong identification and authentication controls for both humans and machines so there is no chance of impersonation or fraud. This is why PSD2 requires digital eIDAS qualified authentication and non-repudiation certificates.
Organizations have been slow to ramp up their PSD2 preparedness and the coronavirus adds another layer of complexity.
On the one hand, the outbreak might further complicate the process as face-to-face or notarized validation is required for these types of certificates with limited alternative validation techniques available. On the other, the virus may accelerate the shift toward digital channels — yet another reason to ensure PSD2 compliance.
While currently a Europe-centric initiative, there has been talk of introducing open banking to the U.S. in the Senate, though no serious discussions have evolved just yet. The concept has also received support from the U.S. Consumer Financial Protection Bureau, but that was three years ago. It may be that the U.S. will continue observing activities in Europe from the sidelines for several years before it takes any meaningful actions.
It will be interesting to see how PSD2 rolls out next year throughout Europe. Financial institutions have had years to prepare for it, so hopefully it will be a fairly seamless process. Once in place, the technology measures should result in a significant reduction in fraud.