What is PSD2?
PSD2 follows on from the original Payment Services Directive (PSD), which was adopted by the European Union (EU) in 2007. This legislation established an EU single market for payments to encourage the creation of safer, more innovative payment services. PSD2 was adopted by the UK Payments Services Regulations (PSR) and is amended from time to time and includes associated regulatory technical standards as developed by the European Banking Authority (EBA).
PSD2 builds on previous legislation by Increasing customer rights including complaints handling with new rules on surcharging and currency conversion, Enhancing security through SCA (Strong Customer Authentication) criteria, and, Enabling Third-party providers access to account information providing opportunities for new payment and account services.
PSD2 enhances Customer Rights by:
Mandating that terms and conditions are clear and transparent. PSD2 also mandates greater transparency around currency and exchange rates at point of sale.
- Mandating that payment providers resolve complaints in a timely and appropriate manner. For example, all PSD2 related complaints must be responded to within a maximum of 15 business days. The timeframe may only be extended to 35 business days where an answer cannot be provided due to reasons outside the direct control of the Bank.
- Providing clear timeframes that dictate how payment providers report incidents like fraud and customer complaints to the relevant authority.
- Including requirements for card issuers to make funds available to customers as soon as a final amount for a transaction is known.
- Prohibiting surcharges on consumer credit, debit and pre-paid card transactions across the EU.
Commercial cards are not necessarily subject to the same rules on surcharging in certain Eu member states like France, Italy and Sweden. The UK however has decided to allow surcharging on commercial cards.
Other benefits of PSD2
PSD2 introduces security enhancements to reduce fraud
PSD2 introduces security enhancements to reduce fraud by way of a two-factor ID requirement for certain transactions, therefore providing our customers with extra security. Customers will be required to provide two forms of ID from the following three options:
- Knowledge: something only the customer knows, such as a PIN or Password
- Possession: something only the customer has, such as a mobile phone or payment card
- Inherence: something unique to the customer, such as their fingerprint
The payments industry has successfully lobbied for certain exemptions to the two-factor process being applied to all transactions. The full list of exemptions is set out in the Regulatory Technical Standards.
PSD2 provides a framework for new payment and account services
Through Open Banking. Open Banking is one aspect of PSD2 that has gained the most attention as it aims to give customers greater visibility and control over their finances.
Open Banking gives customers the opportunity to use new kinds of services to manage money including sharing financial data and making payments in new ways. A popular example of the new services that will become possible is the ability for customers to view all accounts with different banks in one place via Internet Banking.
Open Banking has created a requirement for banks to release Application Programming Interfaces (APIs) allowing TPPs (Third-Party Providers) – also known as AISPs (Account Information Service Providers) and PISPs (Payment Initiation Service Providers) – to access bank accounts and in doing so, enabling the creation of entirely new and independent services.
PSD2 Timeline
The majority of PSD2’s requirements became law on January 13th 2018, including those relating to enhancing consumer rights and surcharging.
The Strong Customer Authentication (SCA) requirements and third-party access framework came in to force on the 14th of September 2019.
GHIB Customers – Keeping Your Data Safe
If you are a GHIB Customer, you are advised to ensure that you understand the services being rendered by a company or TPP requesting your account and login details. You should ensure that any such company or TPP is authorised by the FCA to carry out any services within Open Banking. For more information, please read the FCA Guidance on these services.
TPP (Third Party Provider) Information
If you are a Third-Party Provider offering AISP, PISP and CBPII services, please use the link below in order to test Ghana International Bank Plc’s dedicated interface.
Ghana International Bank has partnered with Token.io (UK) to provide and support Ghana International Bank’s Open Banking and dedicated access. The data will be shared via Application Programming Interfaces (APIs).