The Netherlands’ finance minister has offered the European Commission her thoughts on how the revised Payment Services Directive (PSD2) could be improved, with fraud and data protection taking centre stage.
Sigrid Kaag, the Dutch minister of finance and deputy prime minister, has set out her hopes for improving the EU’s payments directive and introducing an open finance framework.
Revisions to PSD2 and an open finance legal framework are anticipated to be proposed by the European Commission by the second quarter of 2023.
Sources have speculated whether the changes to PSD2 itself will amount to minor revisions, with a greater portion of the focus dedicated to the introduction of an open finance framework.
However, other sources have suggested the commission may be more ambitious and merge PSD2, the E-Money Directive and even the Settlement Finality Directive.
Kaag’s recommendations borrow and take inspiration from the Dutch government’s PSD2 review that took place earlier this year.
The evaluation examined the effects of PSD2 on the Netherlands’ payments market, with a particular focus on how PSD2 affected consumer protection (including privacy and data protection), innovation and competition, as well as the security and robustness of the payments sector.
In her recommendations to the commission, Kaag says that enhanced measures to counter fraud are necessary.
“PSD2 introduced new provisions to battle bank fraud. While these types of fraud have diminished since then, new types of fraud have become prevalent, such as phishing and spoofing,” she writes, suggesting that any review of the PSD framework should deal with these new types of fraud.
Furthermore, Kaag points out, there are few requirements for payment service providers (PSPs) to check their clients, in particular online retailers, with the aim of countering fraud. “In many instances fraud could have been prevented if PSPs had done better checks on the reliability of their clients and had signalled unusual patterns earlier.”
“We recommend the commission to explore new measures to counter new types of fraud, and to enhance the role of PSPs in identifying malicious fraudulent actors and preventing them from being able to perform illegal activities.”
Elsewhere in her letter, however, Kaag does acknowledge the flaws with strong customer authentication (SCA).
“There are signals that a significant group of payment service users, especially vulnerable people, feel that SCA-methods are burdensome and lead to a decrease in the accessibility of the payments system,” she points out.
Kaag’s recommendations to the commission also consider regulatory overlaps between PSD2 and the EU’s General Data Protection Regulation (GDPR).
“The private sector has indicated that, although relevant national and EU institutions have provided guidance over the years, there are still overlaps and misalignments between PSD2 and GDPR.”
Furthermore, more general data-related EU regulations are being developed at this moment, such as the European Data Act, Kaag pointed out.
“We recommend the commission to thoroughly check the alignment of the existing PSD2 framework and a potential future open finance framework with the GDPR and other general data related EU legal frameworks.”
Kaag also recommends that the commission explore whether requirements or standards on payment transaction information could be beneficial.
“As nonbank PSPs have become increasingly important since the introduction of PSD, more and more consumers and merchants use them,” Kaag pointed out. “However, it is often unclear in transaction overviews who the beneficiary of the transaction was if a PSP was involved.”
In other words, often PSPs use a general — segregated — account to collect the payment, where the payer can only see on their bank statement that they have done a transaction with a PSP but cannot verify who the exact beneficiary was.
“This can lead to risks for fraud and unfair commercial practices, but also to uncertainty for consumers as they sometimes do not have a good overview of their transactions,” Kaag said. “This is especially prevalent with payments for subscriptions.”
API standardisation
Kaag’s recommendations also weigh in on the debate over application programming interfaces (APIs). “We recommend the commission to explore whether common EU API-standards (either a single standard, or a limited set of different standards) would benefit the payments market and could contribute to a more effective general framework for open finance.”
“While during the drafting of PSD2 and the underlying Regulatory Technical Standards the private sector indicated that they wanted to have the freedom to come up with their own APIs, they now indicate that a general API standard at the EU-level would be welcomed and would lead to a more efficient application of PSD2,” Kaag said.
The issue has been incredibly divisive in the payments and financial services sectors. One source recently told VIXIO that they are “absolutely in favour” of a common API standard, so long as it draws on the work of established frameworks, such as that of the Berlin Group, which created the NextGenPSD2 common API standard.
Meanwhile, another source from the banking community said that a recommendation like this “made sense seven years ago” but is no longer relevant and could be a burdensome and costly process for those in scope.