PSD, Directive 2007/64/EC, replaced by PSD2, Directive (EU) 2015/2366) is an EU Directive, administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA). The Directive’s purpose was to increase pan-European competition and participation in the payments industry also from non-banks, and to provide for a level playing field by harmonizing consumer protection and the rights and obligations for payment providers and users.
The SEPA (Single Euro Payments Area) is a self-regulatory initiative by the European banking sector represented in the European Payments Council, which defines the harmonization of payment products, infrastructures and technical standards (Rulebooks for credit transfer/direct debit, BIC, IBAN, ISO 20022 XML message format, EMV chip cards/terminals). The PSD provides the legal framework within which all payment service providers must operate.
The PSD’s purpose in regard to the payments industry was to increase pan-European competition with participation also from non-banks, and to provide for a level playing field by harmonizing consumer protection and the rights and obligations for payment providers and users. The PSD’s purpose in regard to consumers was to increase customer rights, guarantee faster payments (no later than next day from 1 January 2012 on), describe refund rights, and give clearer information on payments. Although the PSD is a maximum harmonisation directive, certain elements allow for different options by individual countries.
The final adopted text of PSD went into force 25 December 2007 and was to be transposed into national legislation by all EU and EEA member states by 1 November 2009 at the latest.
The PSD contains two main sections:
- The ‘market rules’ describe which type of organizations can provide payment services. Next to credit institutions (i.e. banks) and certain authorities (e.g. central banks, government bodies), the PSD mentions electronic money institutions (EMI), created by the E-Money Directive in 2000, and created the new category of ‘payment institutions’ (PI) with its own prudential regime rules. Organizations that are neither credit institutions or EMIs can apply for an authorization as a payment institution if they meet certain capital and risk management requirements. The application can be made in any EU country where they are established and they can then “passport” their payment services into all other EU member states without additional PI requirements.
- The ‘business conduct rules’ specify what transparency of information payment service institutions need to provide, including any charges, exchange rates, transaction references and maximum execution time. It stipulates the rights and obligations for both payment service providers and users, how to authorize and execute transactions, liability in case of unauthorized use of payment instruments, refunds on payments, revoking payment orders, and value dating of payments.
Each country had to designate a ‘competent authority’ for prudential supervision of the PIs and to monitor compliance with business conduct rules, as transposed into national legislation.
The PSD was updated in 2009 (EC Regulation 924/2009) and 2012 (EU Regulation 260/2012). An implementation report from 2013 found the PSD facilitated “provision of uniform payment services across the EU” and reduced legal and production costs for many payment service providers and that “the expected benefits have not yet been fully realised”. The same report found the 2009 update “… to be functioning well. For example, charges for 100 EUR transfers followed a further downward trend to 0.50 EUR euro-area average for transfers initiated online and remained low, at 3.10 EUR for transfers initiated at the bank counter”.
- The PSD only applies to payments within the European Economic Area, but not to transactions to or from third countries.
- PSD exemptions related to payment activities leave users unprotected.
- The PSD option for merchants to charge a fee or give a rebate, combined with the option for countries to limit this, has led to “extreme heterogeneity in the market”.
- So-called “third party payment service providers” have emerged, which facilitate online shopping by offering low cost payment solutions on the Internet by using the customers’ home online banking application with their agreement, and informing merchants that the money is on its way. Other ‘account information services’ offer consolidated information on different accounts of a payments service user. Harmonisation of refund rules regarding direct debits, a reduction of the scope of the “simplified regime” for so-called “small payment institutions” and addressing security, access to information on payment accounts or data privacy with possible licensing and supervision have been proposed.
Revised Directive on Payment Services (PSD2)
On October 8, 2015, the European Parliament adopted the European Commission proposal to create safer and more innovative European payments (PSD2, Directive (EU) 2015/2366). The new rules aim to better protect consumers when they pay online, promote the development and use of innovative online and mobile payments such as through open banking, and make cross-border European payment services safer.
Commissioner Jonathan Hill, responsible for Financial Stability, Financial Services and Capital Markets Union, said, “This legislation is a step towards a digital single market; it will benefit consumers and businesses, and help the economy grow.”
On November 16, 2015, the Council of the European Union passed PSD2. Member states will have two years to incorporate the directive into their national laws and regulations. On 27 November 2017, Commission delegated Regulation (EU) 2018/389 supplemented PSD2 with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication.
The EU and many banks are pushing this development with the new Payments Service Directive 2 (PSD2), which has come into force on 13 January 2018. Banks need to adapt to these changes that open many technical challenges, but also many strategic opportunities, such as collaborating with fintech providers, for the future.
An important element of PSD2 is the requirement for strong customer authentication on the majority of electronic payments.
Another important element of the directive is the demand for common and secure communication (CSC). eIDAS-defined qualified certificates for are demanded for website authentication and electronic seals used for communication between financial services players. The technical specification ETSI TS 119 495 defines a standard for implementing these requirements.
PSD2 went into full effect on 14 September, 2019 but due to delays in the implementation, the European Banking Authority allowed for a time extension of the strong customer authentication (SCA). 
- March 2000: Lisbon Agenda to make Europe “the world’s most competitive and dynamic knowledge-driven economy” by 2010
- December 2001: regulation EC 2560/2001 on cross-border payments in Euro
- 2002: European Payments Council created by the banking industry, driving the Single Euro Payments Area initiative to harmonize the main non-cash payment instruments across the Euro area (by end 2010)
- 2001–2004: consultation period and preparation of PSD
- December 2005: proposal for PSD by DG Internal Market Commissioner McCreevy
- 25 December 2007: PSD entered into force
- 1 November 2009: deadline for transposition in national legislation
- 2009 update: eliminated differences in charges for cross-border and national payments in euro (EC Regulation 924/2009)
- 2012 update: Regulation on cross-border payments, ‘multilateral interchange fees’ (EU Regulation 260/2012)
- July 2013: report on implementation of PSD and its two updates
- 16 November 2015: The Council of the European Union passes PSD2, giving member states two years to incorporate the directive into their national laws and regulations.
- 13 January 2018: Directive 2007/64/EC is repealed and replaced by Directive (EU) 2015/2366
- 14 March 2019: All Financial Institutions offering an API solution must have it available for external testing by PISPs and AISPs.
- 14 September 2019: The final deadline for all companies within the EU to comply with PSD2’s Regulatory Technical Standard (RTS) pertaining to directive (EU) 2015/2366 (PSD2)
- ^ Jump up to:ab “Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC”. Official Journal of the European Union. 5 December 2007. Retrieved 2 August 2014.
- ^ Jump up to:ab “Payment services (PSD 1) – Directive 2007/64/EC”. European Commission. Retrieved 2017-02-13.
- ^“The Payment Services Directive — What it means for Consumers” (PDF). European Commission. Archived from the original (PDF) on 2013-05-30. Retrieved 20 March 2014.
- ^“Directive on Payment Services (PSD) — Member States’ options”. EC.Europa.eu. European Commission. Archived from the original on 2015-02-27. Retrieved 2015-02-27.
- ^“Payment Services”. EC.Europa.eu. European Commission. Retrieved 2017-02-13.
- ^“Competent authorities for the authorisation and supervision of payment institutions (Article 20)” (PDF). EC.Europa.eu. Archived from the original (PDF) on 2015-02-27. Retrieved 2015-02-27.
- ^ Jump up to:ab c “REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the application of Directive 2007/64/EC on payment services in the internal market and on Regulation (EC) No 924/2009 on cross-border payments in the Community”. Eur-lex.europa.eu. 2013-07-24. Retrieved 2015-02-27.
- ^ Jump up to:ab “European Parliament adopts European Commission proposal to create safer and more innovative European payments” (Press release). European Commission. 8 October 2015. Retrieved 2016-05-04.
- ^ Jump up to:ab “Electronic payment services: Council adopts updated rules” (Press release). Council of the EU. 2015-11-16. Retrieved 2015-11-16.
- ^“COMMISSION DELEGATED REGULATION (EU) 2018/389”. 27 November 2017.
- ^“Capitalizing on the potential benefits of open banking | McKinsey”. Retrieved 2019-09-21.
- ^“strong customer authentication (SCA) Enforcement Date : Stripe: Help & Support”. Retrieved 2019-09-21.
- ^“EBA publishes an Opinion on the elements of strong customer authentication under PSD2 – View press release – European Banking Authority”. Retrieved 2019-09-21.
- ^Jones, Brendan (23 October 2018). “The Implications and Requirements of PSD2 open banking for Programme Managers”. Finextra.com.