Glossary PSD3

PSD3

What is Payment Service Directive 3 (PSD3)?

The Payment Services Directive 3 (PSD3) is the latest update to the European Union’s regulations on payment services, building on the framework of PSD2. PSD3 aims to enhance consumer protection, promote competition, and modernize the payment services market within the EU.

Key features of PSD3:

  1. Enhanced Consumer Protection
    PSD3 introduces stricter measures to safeguard consumers against fraud and improve dispute resolution processes. Strong Customer Authentication (SCA) requirements are further refined to combat risks in electronic payments.
  2. Promoting Competition
    By making market entry easier for non-bank payment service providers (PSPs), PSD3 encourages innovation and expands consumer choice.
  3. Technological Modernization
    Addressing the rise of digital and mobile payments, PSD3 ensures the regulatory framework keeps pace with technological advancements.
  4. Operational Resilience
    PSD3 enforces robust security standards, requiring PSPs to strengthen incident reporting and cyber-attack resilience.
  5. Open Finance
    Aligned with the EU’s Open Finance strategy, PSD3 fosters better data sharing and interoperability, encouraging efficiency and innovation in financial services.
  6. Updated Scope
    PSD3 refines definitions and expands its scope to cover new payment services and transactions that emerged since PSD2.

Overall, PSD3 represents a significant step toward a more secure, competitive, and innovative payment ecosystem in the EU.

Differences between PSD2 and PSD3

While PSD2 was a major milestone, PSD3 introduces several improvements to address emerging challenges:

  1. Enhanced Fraud Prevention
    PSD3 combats evolving fraud tactics like “spoofing” by introducing IBAN-name verification for all credit transfers and enhancing fraud information sharing among PSPs.
  2. Improved Open Banking
    PSD3 removes obstacles that hindered open banking under PSD2. Banks must now offer dashboards for consumers to manage data-sharing permissions.
  3. Access for Non-Bank PSPs
    PSD3 ensures non-bank PSPs have access to payment systems and the right to a bank account, leveling the playing field.
  4. Integrated Frameworks
    By merging regulations for payment services and electronic money institutions, PSD3 simplifies the regulatory environment.
  5. Streamlined Consumer Rights
    Transparency in transactions, particularly for blocked funds, is improved, and unused funds must be released faster.
  6. Harmonized Regulations
    PSD3 incorporates more provisions into directly applicable EU regulations, reducing inconsistencies between member states.

These updates ensure PSD3 addresses today’s payment landscape challenges while enhancing security and usability.

What is the scope of PSD3?

PSD3 applies to a broad range of payment service activities, including:

  • Payment Institutions: Covers banks, electronic money institutions, and non-bank PSPs.
  • Consumer Protection: Introduces stricter fraud prevention measures and transparency requirements.
  • Open Banking: Expands data-sharing capabilities and requires permission management dashboards.
  • Cross-Border Services: Improves the consistency and security of cross-border payments.

PSD3 reflects the EU’s commitment to creating a modern, secure, and inclusive payment services mark

What is the timeline/status of PSD3?

The Payment Services Directive 3 (PSD3) is currently in the proposal stage, following a comprehensive evaluation and consultation process. Here’s a breakdown of its timeline and current status: 

  1. Evaluation of PSD2
  • In 2022, the European Commission conducted an evaluation of PSD2, gathering input from stakeholders through public consultations, expert groups, and studies. This evaluation highlighted both the successes and shortcomings of PSD2, providing the foundation for PSD3 . 
  1. Stakeholder Consultations
  • Throughout 2022, a series of consultations were held, including an open public consultation, targeted consultations, and expert group meetings. These consultations informed the drafting of PSD3, ensuring it addresses the evolving needs of the payments market . 
  1. Proposal Publication
  • The draft of PSD3 was published in 2023. This proposal includes both a new directive (PSD3) and an accompanying regulation (PSR) that together aim to modernize the regulatory framework for payment services in the EU . 
  1. Legislative Process
  • After publication, the proposal entered the EU’s legislative process, where it is being reviewed and negotiated by the European Parliament and the Council. This process can take several months to a few years, depending on the complexity of the negotiations. 
  1. Implementation Timeline
  • Once adopted, PSD3 will come into force 20 days after its publication in the Official Journal of the European Union. Member States will then have 18 months to transpose the directive into national law . 
  1. Expected Application
  • Assuming a typical legislative timeline, PSD3 could start being applied around 2025, depending on when it is officially adopted and published. 

PSD3 is moving through the legislative process, with a focus on updating and improving the existing framework set by PSD2, addressing new challenges in the payments market, and ensuring greater consumer protection and market efficiency across the EU. 

What is Strong Customer Authentication (SCA)?

SCA is a security requirement designed to reduce fraud in electronic payments. It mandates the use of at least two of the following:

  • Something Known (e.g., password or PIN)
  • Something Possessed (e.g., phone or smart card)
  • Something Inherent (e.g., fingerprint or facial recognition)

Implications for Businesses:

  1. Mandatory Compliance
    SCA is required for most online payments. Businesses must implement systems for multi-factor authentication.
  2. Impact on Customer Experience
    While SCA improves security, additional steps can affect user experience. Streamlining authentication processes is crucial.
  3. Exemptions
    Certain transactions, like low-value or recurring payments, may qualify for exemptions, enabling smoother payment flows.
  4. Technological Upgrades
    Businesses may need to invest in new authentication technologies to comply with SCA requirements.

Balancing security with convenience is vital to maintaining customer trust and ensuring smooth payment experiences under PSD3.

What is the Payment Services Regulation (PSR)?

The Payment Services Regulation (PSR) complements PSD3 by enforcing specific, directly applicable rules across the EU, ensuring uniformity and reducing regulatory discrepancies.

Key Aspects of PSR:

  • Harmonization
    PSR ensures consistent enforcement of payment service rules across all member states.
  • Technical Standards
    It establishes conditions for system access, security protocols, and transparency requirements.
  • Consumer Protection
    The regulation strengthens safeguards against fraud and ensures clear communication of payment terms.
  • Supervision
    PSR grants enforcement powers to national authorities and defines penalties for non-compliance.

Together, PSD3 and PSR modernize and harmonize the EU payment services market.

PSD3 and PSR form an integrated regulatory framework for payment services:

  1. Complementary Roles
    PSD3 sets the overarching principles, while PSR enforces specific rules uniformly across the EU.
  2. Harmonization
    PSD3 allows national adaptations, but PSR ensures direct applicability, reducing inconsistencies.
  3. Consumer Protection
    Both enhance security and transparency, with PSD3 introducing updates and PSR ensuring enforcement.
  4. Implementation
    PSD3 requires national legislation, while PSR is immediately applicable across the EU.