The PSD2 (Payment Services Directive 2) standard has had a full impact on online operations and activities. From banking and finance in particular to any e-commerce business, this European regulation has laid the foundations for accessing online banking and reinforcing security in electronic payments made within a market of 500 million users.
Harmonizing the European market makes it possible to standardize the processes related to electronic payments in 28 different countries, giving companies, both European and international, a simple, single way to enter it and to offer their products and services securely and without difficulty.
PSD2, Payment Services Directive
The PSD2 Regulation (EU Directive 2015/2366) was approved by the European Commission to replace the previous law. PSD, which laid the foundations for regulating electronic transactions related to payments, was born as a result of the entry into the market of crucial new players such as Fintech companies and of the need for higher levels of transparency regarding online activities.
PSD2 deepens this point by creating a single market for online payments throughout Europe that is easy to enter for both European and international companies and that offers users the best security guarantees.
Thanks to AML5 and eIDAS, companies can access a homogeneous market of 500 million users.
PSD2 introduces important criteria regarding the security of payments, modifies liability in cases of theft and fraud, and mitigates risk by minimizing the number of actors needed during the processes.
Payment services (TTPS) now see their operating conditions improved with respect to the rest of the players, which increases transparency and optimizes payment processes.
The possibilities offered by PSD2
As we have been anticipating, the two key points of PSD2 are the reinforcement of the security of online operations and the innovation and optimization of processes. That is why it is often compared to GDPR with regard to data, including what PSD2 contributes in that area.
The standardized use of identity verification processes is introduced to corroborate that a client is who they claim to be, thus extending the KYC (Know Your Customer) process already known in the financial sector with the introduction of the SCA (Strong Customer Authentication) concept.
Establishing the client's identity in a legitimate way and with guarantees is mandatory for many industries, banking and finance foremost among them, due to AML (Anti-Money Laundering) protocols and their own needs given the nature of their activities. That is why eKYC (electronic Know Your Customer) merges with the requirements proposed by PSD2 for secure online payments.
Facial biometrics in PSD2
Identity verification processes within the PSD2 standard for payments and other types of online activities can be carried out in different ways. However, not all of them rigorously meet the security and technical requirements needed to reduce fraud risks to zero and effectively identify users.
This is where facial biometrics comes into play, as an SCA (Strong Customer Authentication) and 2FA (Two-Factor Authentication) mechanism, to provide payments with the security level required by the PSD2 regulation.
The facial recognition system records the biometric pattern of the person, creating an unambiguous mathematical model that is associated with the identity of the user. Solutions such as VideoID and SmileID include dozens of real-time video checks, from live smile to depth detection, that use AI and machine learning to completely eliminate the risks of impersonation through images or deepfakes.
The identity verification process through live facial recognition with video identification does comply with the standards defined by PSD2 for SCA processes, unlike the methods that use static images or selfies, which do not guarantee adequate security.
Companies: how are they affected
With PSD, electronic businesses had to call a series of intermediaries that connect with the means of payment (PayPal, Visa, Mastercard…) and, later, perform the payment. Thanks to PSD2, the client can authorize the online store or company to execute the payment.
This change introduces a new process in which the e-commerce business and the bank are connected through an API, improving the security of the process and avoiding intermediate steps. This guarantees more privacy for the user, protecting their data and allowing the eKYC process to be carried out on the web or in an app with reinforced authentication to avoid fraud.
This change in the processes will lead to the birth of PISP (Payment Initiation Service Provider) and AISP (Account Information Service Provider) services. The first type of application acts as an intermediary between the financial institution or bank and the electronic store, while the second one focuses on platforms to store the data of users’ financial products and services.
Safer users thanks to PSD2
As we have been discussing, PSD2 introduces security controls, such as identity checks, that prevent online fraud. This way, it is impractical for a possible offender to carry out operations on another person's behalf and access the contracted products and services.
The security reinforcement introduced by the PSD2 directive blocks unauthorized online payments and prevents the use of a stolen credit card thanks to SCA two-factor authentication procedures. Identity verification parameters such as fingerprint, iris of the eye or facial pattern are inaccessible to digital criminals.
The terms of liability have also changed. Now, the user will only be responsible for unauthorized payments up to 50 euros, compared to 150 under the previous directive, and the company is the one that will have to cover the defrauded amount.
eID, comprehensive solutions to comply with the standard
Electronic IDentification, a RegTech 2020 company, is an expert in regulations associated with online user-organization relationships. With extensive experience in the Fintech area, we develop comprehensive solutions for all technology and regulatory compliance needs so that companies and institutions can offer an agile, simple and safe user experience.
PSD2, AML5 and eIDAS have transformed the market not only at the European but also at an international level so that businesses can optimize their processes, drive their growth and expansion, develop and acquire customers like never before.