Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
1
The Human Chain
Payment Services Directive 2
The Human Chain Ltd
www.thehumanchain.com
Payments	Services	Direc0ve	2	
•  Original	Payment	Service	Direc0ve	2007/64/EC	adopted	December	2007	
•  Since	its	adop0on:...
PSD2	-	Aims	&	Objec0ves	
3
•  Con0nue	to	harmonise	the	European	payments	landscape	from	a	regulatory	
perspec0ve	
•  To	es...
PSD2	-	Overview	
4
PSD2
Liability for
Payments
Transparency of
Payments & Charges
Strong Customer Authentication
Access to...
PSD2	–	Impacts	&	Implica0ons	
5
Business	as	Usual	 Development	
Liability	for	Payments	
•  Enhanced	Consumer	Rights	
•  “N...
PSD2	–	Access	to	Accounts	
6
•  Access	to	Accounts	will	drive	disrup0on	(innova0on)	in	payments	
•  An	accelerator	for	tec...
PSD2	-	Poten0al	Opportuni0es	
7
Customer	Bank	D	
Mortgage	
Customer	Bank	C	
Investments	
Customer	Bank	B	
Savings	Account	...
PSD2	-	Poten0al	Opportuni0es	
8
Customer	
Customer	Bank	D	
Mortgage	
Customer	Bank	C	
Investments	
Customer	Bank	B	
Saving...
PSD2	–	Strong	Customer	Authen0ca0on	
9
•  EBA	Discussion	Paper	(pre	consulta0on	&	RTS)	–	Strong	Customer	Authen0ca0on	
•  ...
PSD2	–	Strong	Customer	Authen0ca0on	
10
•  Ar0cle	4(30)	provides	that	strong	customer	authen0ca0on	means:	
•  Knowledge	(s...
PSD2	-	Timescales	
11
•  PSD2	has	been	published	in	the	OJEU	and	entered	into	force	on	12	January	2016	
•  Member	States	m...
PSD2	-	Summary	
12
•  PSD2	published	in	the	OJEU	and	entered	into	force	on	12	January	2016	
•  Transposi0on	into	Na0onal	L...
13
Brendan Jones
The Human Chain Limited
Magdalen Centre
The Oxford Science Park
Oxford
OX4 4GA
United Kingdom
Mob: +44 77...
how can we help - what we do
14
technology
consultancy
business
consultancy
digital service
realisation
test and learn, Po...
Upcoming SlideShare
Loading in …5
×

SPF PSD2 Presentation January 2016 V1.1

  • Login to see the comments

SPF PSD2 Presentation January 2016 V1.1

  1. 1. 1 The Human Chain Payment Services Directive 2 The Human Chain Ltd www.thehumanchain.com
  2. 2. Payments Services Direc0ve 2 •  Original Payment Service Direc0ve 2007/64/EC adopted December 2007 •  Since its adop0on: •  The retail payments market has experienced significant technical innova0on •  Rapid growth in the number of electronic and mobile payments •  Emergence of new types of payment services in the market place •  Market developments have given rise to significant challenges from a regulatory perspec0ve •  Significant areas of the payments market (e.g. internet/mobile payments) remain fragmented along na0onal borders •  Many innova0ve payment products or services do not fall within the scope of Direc0ve •  Elements excluded from original scope, such as certain payment-related ac0vi0es, has proved in some cases to be too ambiguous, too general or simply outdated •  Resulted in legal uncertainty, poten0al security risks in the payment chain and a lack of consumer protec0on in certain areas •  Proven difficult for payment service providers to launch innova0ve, safe and easy-to-use digital payment services •  The European Parliament believes there is a large posi0ve poten0al which needs to be more consistently explored 2
  3. 3. PSD2 - Aims & Objec0ves 3 •  Con0nue to harmonise the European payments landscape from a regulatory perspec0ve •  To establish safer and more innova0ve payment services across the EU •  Contribute to a more integrated and efficient European payments market •  Improve the level playing field for payment service providers (including new players) •  Make payments safer and more secure •  Protect consumers •  Encourage lower prices for payments
  4. 4. PSD2 - Overview 4 PSD2 Liability for Payments Transparency of Payments & Charges Strong Customer Authentication Access to Payment Accounts Greater Regulatory Oversight Regulation on Interchange Fee for Card-based Payment Transactions – Dec 2015
  5. 5. PSD2 – Impacts & Implica0ons 5 Business as Usual Development Liability for Payments •  Enhanced Consumer Rights •  “No ques0ons asked” Refund Right for Direct Debits •  Alloca0on of Liability Between Payment Par0es •  Unauthorised / Incorrectly Executed Transac0ons •  Disclosure of Payment Info •  Data Protec0on by Design/Default Access to Accounts •  Access to Accounts •  Objec0ve, Non-Discriminatory/ Propor0onate •  PISP, AISP & ASPSP •  ECB to Dra] Regulatory Technical Standards (API) •  Common/secure open standards •  ID/auth, no0fica0on and informa0on Transparency of Payments & Charges •  Central Register of Companies Providing Payment Services •  Transparent Charging Principles •  Framework Contracts & Single Payments •  Full Disclosure of Charges •  Prohibi0on of Surcharging Customer Authen:ca:on •  Introduc0on of strict security requirements for ini0a0on & processing of payments •  Strong Customer Authen0ca0on procedure •  Dynamic linking •  Use of Mul0-Factor Authen0ca0on •  Protect the Confiden0ality and Integrity of Personalised Security Creden0als PSD2 Regulatory Oversight Impactonsystems,processes&documentation Development,testing,auditing&reporting
  6. 6. PSD2 – Access to Accounts 6 •  Access to Accounts will drive disrup0on (innova0on) in payments •  An accelerator for technology driven disrup0on of incumbent banks by flexible and innova0ve service providers •  Open the market to new entrants (Challengers, FinTech’s etc.) •  Drive new business opportuni0es (exis0ng & new market entrants and a combina0on thereof) •  Drive new business models and services •  What is Access to Accounts •  It is an environment in which par0cipants can share customer data, when explicit consent has been granted, with each other in a secure, automated fashion •  EBA Discussion Paper (pre consulta0on & RTS) •  “The requirements for common and secure open standards of communica0on for the purpose of iden0fica0on, authen0ca0on, no0fica0on, and informa0on, as well as for the implementa0on of security measures, between account servicing payment service providers (ASPSP), PIS providers, AIS providers, payers, payees and other payment service providers” •  This all needs to be overlaid by HM Treasury published a “Call for evidence on data sharing and open data in banking”
  7. 7. PSD2 - Poten0al Opportuni0es 7 Customer Bank D Mortgage Customer Bank C Investments Customer Bank B Savings Account Customer Bank A Current Account Customer Bank A AISP Direct Account Access Third Party Access Customer Data Aggrega4on Model Merchant Customer Bank iDeal (PISP) Customer Inter Bank Payment Network Merchant’s Bank Payment Ini4a4on Service Provider
  8. 8. PSD2 - Poten0al Opportuni0es 8 Customer Customer Bank D Mortgage Customer Bank C Investments Customer Bank B Savings Account Customer Bank A Current Account Customer Bank A AISP Direct Account Access Third Party Access Social Media Networks Foreign Exchange Services News Feeds Delivering Financial Services & Relevant Content
  9. 9. PSD2 – Strong Customer Authen0ca0on 9 •  EBA Discussion Paper (pre consulta0on & RTS) – Strong Customer Authen0ca0on •  Ar0cle 97(1) & (3) strong customer authen0ca0on applies to: •  Access to payment accounts online •  Ini0a0on of any electronic payment transac0on •  Any ac0on through a remote channel that may imply a risk of payment fraud or other abuses, including online or mobile payments •  Ar0cle 97(2) provides that, with regard to the ini0a0on of electronic remote payment transac0ons, PSPs shall apply strong customer authen0ca0on, which includes elements that dynamically link the transac0on to a specific amount and a specific payee •  Ar0cle 4(29) ‘authen0ca0on’ means a procedure which allows the payment service provider to verify the iden0ty of a payment service user or the validity of the use of a specific payment instrument, including the use of the user’s personalised security creden0als •  PSD2 defines authen0ca0on as any procedure which allows the PSPs to verify the iden0ty of a PSU or the validity of the use of a specific payment instrument, including the use of the user’s personalised security creden0als (PSC)
  10. 10. PSD2 – Strong Customer Authen0ca0on 10 •  Ar0cle 4(30) provides that strong customer authen0ca0on means: •  Knowledge (something only the user knows) •  Possession (something only the user possesses) •  Inherence (something the user is) •  That are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confiden0ality of the authen0ca0on data •  Ar0cle 98.3 specifies that exemp0ons for strong customer authen0ca0on shall be based on the following criteria: •  Level of risk involved in the service provided •  Amount and/or the recurrence of the transac0on •  Payment channel used for the execu0on of the transac0on •  Things are not yet clear and many issues to be worked through before clarifica0on and understanding of Strong Customer Authen0ca0on
  11. 11. PSD2 - Timescales 11 •  PSD2 has been published in the OJEU and entered into force on 12 January 2016 •  Member States must transpose PSD2 into na0onal law by 13 January 2018 •  However, as directed by the European Commission, the EBA has 12 months to define the Regulatory Technical Standards (RTS): •  Secure Authen0ca0on •  Secure Communica0ons (Access to Accounts) •  Other RTS to be published •  The RTS will apply 18 months a]er adop0on of the standards by the Commission (i.e. no earlier than October 2018)
  12. 12. PSD2 - Summary 12 •  PSD2 published in the OJEU and entered into force on 12 January 2016 •  Transposi0on into Na0onal Law January 2018 •  RTS transposi0on October 2018 onwards •  Programme of work to achieve compliance: •  Systems, processes and documenta0on •  Development, tes0ng, audi0ng and repor0ng •  Access to Accounts •  Need to take into considera0on HMT Open Banking ini0a0ve •  Regula0on driving innova0on •  Open the market to new entrants (Challengers, FinTech’s etc.) •  Drive new business opportuni0es (exis0ng & new market entrants and a combina0on thereof) •  Drive new business models and services White Paper published on PSD2 and Open Banking: www.thehumanchain.com
  13. 13. 13 Brendan Jones The Human Chain Limited Magdalen Centre The Oxford Science Park Oxford OX4 4GA United Kingdom Mob: +44 7785 388 867 Tel: +44 1865 784 386 Fax: +44 1865 784 387 E-mail: brendan.jones@thehumanchain.com Web: www.thehumanchain.com www.digitalservicestoolkit.com 13
  14. 14. how can we help - what we do 14 technology consultancy business consultancy digital service realisation test and learn, PoC and demo toolkit DST

×