PSD2 is coming. Are you ready?
What is PSD2?
The second Payment Services Directive or PSD2 is a European law which comes into full force on 14th September and which will make it more secure for you to make electronic payments when shopping or banking online.
PSD2 aims to make payments safer, increase consumer protection and continue to promote innovation and competition while maintaining a level playing field for all parties.
While some elements of the PSD2 legislation have applied from 13th January 2018, the full rollout from September will result in changes to how customers bank and shop online by introducing added security rules referred as Strong Customer Authentication (SCA).
The legislation also allows for the secure provision of new services by Third Party Providers (TPPs), which is referred to as Open Banking.
What is Open Banking?
Open Banking allows customers use the services of regulated Third Party Providers (TPP) to provide the following:
1. Payment Initiation Services
When buying goods or services online from a retailer you’ll be offered the option to pay directly from your bank account, using an authorised TPP, as an alternative to entering your debit or credit card details. TPPs who offer this service are known as a Payment Initiation Service Provider – PISP
2. Account Information Services
This allows you to use the services of an authorised TPP to help you manage your accounts in a clearer and better manner. TPPs who offer this service are known as an Account Information Service Provider – AISP.
If you choose to use these services, you’ll need to give explicit consent to the TPP.
You choose the services that a TPP can provide, and you can always choose to revoke consent at any time.
You are always in control.
All TPPs are regulated by the Central Bank of Ireland or by the National Competent Authority of their home European Union state. Therefore, these TPPs are subject to strict security and data protection laws, similar to KBC. KBC will check the TPP is regulated before they grant access to the TPP.
In addition, you can request information from the TPP, confirming they are a regulated entity, before you give consent.
Strong Customer Authentication (SCA)
What is SCA?
The principle of SCA is to increase security for electronic payments through the introduction of two factor authentication protocols. This is a security process where you may be asked to verify your identity in two different ways such as with a PIN or a fingerprint.
SCA will be used when accessing online payment accounts or making payments online. KBC already use Strong Customer Authentication however with PSD2 it is likely to be used more frequently to provide enhanced security.
How is SCA applied?
Your identity will be authenticated using at least two of the following factors, each of which are independent of each other:
- Knowledge – something only you know e.g. your online banking PIN
- Possession – something only you have e.g. your card reader or mobile phone
- Inherence – something you are e.g. your fingerprint
For more information on PSD2 you can view the European Commission PSD2 Factsheet (pdf, 83KB)