What PSD2 means and how retailers can prepare for it

By: Neil Burton

The EU’s second Payments Services Directive (PSD2) has kept banks, payments services providers, consultants, lawyers and conference organisers busy over recent months.  

But retailers, perhaps left confused by the build-up and hype, may be left wondering what it all means. Will PSD2 have any significant impact for them?

The answer is yes. And no.

This article explains what PSD2 is, and what it means for retail, online and in store.

What is PSD2?

PSD2 is a Directive

Legally, it has to be translated into Regulation by each member state. A few countries, including Britain which has a strong record of adherence, have done so on time. Several other EU states haven’t, yet.

Some, like the Dutch, are holding back due to yet-to-be reconciled differences between PSD2 and GDPR. Until everyone is on board, the wider EU goal of harmonisation of payments schemes (SEPA, the Single Euro Payments Area) and more generally of markets still remains distant.

It's complicated

The EU has asked the EBA (European Banking Authority) to help out by defining exactly how the regulatory principles should be executed. That’s taking a little longer than expected; the RTS (Regulatory Technical Standards) especially around SCA (Strong Consumer Authentication) are yet to be finalised, and won’t come into force for about another 18 months at the earliest.  It takes time to change systems and procedures, even once the spec is known.

The death of surcharges

The main immediate impact being seen by shoppers — and therefore retailers — is the cessation of surcharges, such as those sometimes levied when paying by credit card online. PSD2 removes surcharging for any payment method, not just card payments.

This will create a level playing field between payment instruments; and avoids unexpected fees being levied on consumers after they’ve spent time filling in online forms. Firms can still set a minimum purchase amount, and of course retailers have to replace the card fee income somehow, so it’s unlikely that all of the £166million per annum (in the UK) that the regulators claim will be ‘saved’ will be passed on to consumers.

Aside from that, there is no material change to in-store payments. Card payments, which today account for three quarters (77%) of all retail spending in the UK – meet the basic requirement of RTS SCA. EMV, with its Chip-and-PIN, already has the necessary two out of three possible authentication methods – something you have, something you know, something you are (typically biometrics).

Most contactless transactions are exempt so that consumers will not be inconvenienced by low value transactions. This is good news particularly as half of all debit card transactions (51%) will be contactless in a decade.

Online payments face a tougher challenge and arguably SCA has the most impact for online payments. Planned changes to the major methods for card scheme payer authentication (or 3D Secure 2.0) will likely tackle the need for SCA. That said, online merchants will need to ensure that these are properly implemented.

Operational challenges

There are two big payment changes that will come later:

1. Online payments will be impacted by SCA

Two-part authentication will specifically impact any cardholder not present environment.  Once the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) are finalised, web-retailers will have to be ready to change their ecommerce acceptance processes to enable this.

Exceptions will be permitted, for example by firms which can prove the level of fraud they incur is consistently below stringent EU levels, probably favouring larger online retailers and marketplaces who can afford the tools to achieve this.

On a plus side, stronger authentication will boost security and help reduce the escalating online fraud against UK retailers which totalled an estimated £189.4 million in 2016 – a rise of 20% on the previous year.

2. Broadening payment choice

The choice of payments methods available to merchants and consumers may widen. This is being driven by:

1. PSD2 - which further opens the door for appropriately-regulated and run non-bank firms to offer payments services.
2. Open Banking initiatives – which require banks to give those firms access to consumer bank accounts (subject to consumer opt-in).
3. Instant Payments - i.e. near-immediate account-to–account transfers, which are already available in a number of EU territories. 

Remodelling payments

Together these three drivers are enabling new payments models.  For example, where a smartphone user could pay a merchant, in real-time, from one bank account to another. Such a model might be less expensive for merchants and provide quicker settlement; and some consumers may prefer its convenience.

However, to achieve this requires operators – either banks or Payments Initiation Service Providers (PISPs), the new category of regulated payments provider created by PSD2 – to step up with big investments ahead of realisable consumer demand.

For retailers, all of this presents a bit of a challenge. Some consumers may prefer to ‘pay instant’; but many will continue to use card.  Merchants will need to support both, in as elegant and cost-effective way as possible. Retailers in the Nordics, such as Dagrofa, where real-time smartphone person-to-person payments are widely adopted, have already experienced and solved for this challenge.

The ostrich effect

More broadly, PSD2 has to compete for attention and resources with many other pressures on retailers. Payments may be important, but it’s unlikely to make the agenda in the boardroom very often. In large part that may explain why few have paid it much attention.

Recent research by Consult Hyperion and CCGroup reveals that fewer than half of retailers are aware of PSD2 and 67% were not ready to comply by the deadline.  In addition, it confirms that most merchants are treating it as a compliance issue and not a business opportunity, with only 16% looking to take advantage of PSD2.

By ignoring PSD2 and failing to modernise, retailers not only put their business at risk but may also miss out on unique opportunities.  These include using payment choice as a key differentiator; the delivery of more personal services through increased access to customer data; and potential new revenue streams from financial services.

For omni-channel retailers, more payment choice will also drive new innovation in store with the evolution of POS that accommodate new banking apps and alternative payments. Already we are seeing a new generation of handheld devices designed to do just that and deliver new types of connected commerce that enhance the shopping experience.

Get ready for the shake up

So PSD2 alone is unlikely to transform retail. But it’s an important enabler in the mix.

It will empower customer authorised and regulated PISPs to credit merchant accounts direct from consumer bank accounts in near real-time.

Requiring banks to open access to bank accounts (aka XS2A, or access to accounts), will undoubtedly open the door to new business models and ‘unicorns’.  Added to Open Banking, Instant Payments, smartphones, newgen technology at the POS, and fast-changing consumer expectations – change is certain, and probably ranges right up to disruption.

So how can retailers prepare to meet these challenges head on?  Verifone has put together a quick checklist to help them get started:

What to continue doing:

• Be informed
  Guidance is widely available, make sure you’re aware of, and understand, scope, exemptions and any sections of the directive which directly impact your business – now and in the future.
• Check surcharge status
  Make sure you’re not in breach of current regulation.
• Build-in time
  Reengineering websites for 2-factor authentication can take longer than you think.  Make sure you allow enough time to be ready when it takes effect.
• Monitor fraud levels
  If you can prove a low level of fraud you may be able to secure exemption from the SCA.
• Have a roadmap
  Allocate investment and set targets now.  It’s easier to prioritise and reduce risk when you have a plan and the resources to achieve it.
• Get on the agenda
  Include PSD2 in your discussion with IT and payment partners, senior management, operational teams and acquiring banks, they all need to be active participants in evolving your strategy.

How to prepare for PSD2:

• Have a payments strategy
  Decide if you want to widen your appeal by accepting a wider variety of payments.  Consider customer needs and preferences. And watch what competitors are up to.
• Set ‘time’ goals
  Decide when you want to go to market with new services, make sure you consider the long as well as short term needs of your retail business.
• Watch the big boys
  Major online players – both retailers and marketplaces, and perhaps especially those with banking or payments service provider licences – will be looking to take advantage of PSD2 to expand their presence.  Stop them encroaching on your customers by ensuring you’re able to compete with their payment formats.
• Consider new business and revenue models
  As the ecosystem evolves, look out for new partners, technology and types of service.  Some retailers will seek to become payment providers.  Others may look at partnering with third parties to offer payment apps.
• Source richer data
  Approved third parties will be able to access bank and transactional data (with the customers permission).  Retailers will be able to work with them to harness this, delivering more personalised offers and promotions to drive greater convergence and uplift.
• Use Investment across channels
  Omni-channel retailers can piggy-back PSD2 investments to enhance and upgrade their physical POS infrastructure. Delivering a better ‘connected’ experience for consumers.

By: Neil Burton, Head of Change Management - Europe, Verifone UK & Ireland