The Second Payment Services Directive (PSD2) is due to become UK law on 13th January 2018, and it imposes huge penalties for non-compliance.
These EU regulations cover the processing of online payments and are intended to improve consumer protection and digital security.
Despite Article 50, the UK will still have to comply, not just until it leaves the EU but also afterwards if we are to do any online business with the EU.
How do firms comply with PSD2?
SMEs and larger exporters using digital Payment Service Providers (PSPs), not to mention the PSPs themselves in the Fintech and traditional financial services sectors, need to keep their businesses active and viable, so they would be well advised to look at their current processes and payment systems and amend them where necessary.
PSD2 has four main stated purposes:
* Improved EU integration
* A strong regulatory framework
* Enhanced consumer fraud protection
* Encouraging lower prices for payments
Compliance with the new regulations means that PSPs will have to provide information and transparency for the parts of any transaction for which they are responsible with regard to the charges and conditions relating to national and international payments.
Compliance also focuses on the need for strong mutual authentication of payments, the sharing of account and financial information and financial transactions.
Surcharging will be banned for card payments in the majority of cases (including consumer debit and credit cards), both online and in shops, such as when booking flights or paying in a newsagent. This will apply to domestic as well as cross-border payments.
PSPs will also be held liable in the event of a problem being attributable to them or their lack of compliant systems.
To comply with the new PSD2 regulations, PSPs will therefore need to review their passwords and authentication solutions, IT systems and customer interfaces. This may also help them to identify new potential products and services, not least that provided by a K2 investment: SafeLogin™ by tricerion.com.
Marketing materials and customer terms and conditions may also need to be reframed to comply, as will complaint handling and alternative dispute resolution procedures.
PSPs will also need to review and possibly strengthen their fraud, security and risk management processes as well as their reporting requirements. It may also be necessary to review staff resources and training.
Finally, they should also be aware that the scope of the new regulations has been widened to include not only private consumers but also business customers, so many of the new regulations will no longer be subject to corporate opt-out provisions.