Following the launch of MEF guidelines on the Payment Services Directive (PSD2) and ahead of the new regulation coming into effect this Saturday the 13th January, CLX Communications’ Rob Malcolm outlines the key things you need to know about PSD2, what it hopes to achieve and what affect it is likely to have on those in the Messaging and Cloud Communications industry.
First, let’s qualify exactly who PSD2 will affect. As stated in the MEF guidelines, PSD2 covers all relevant stakeholders of the mobile payment ecosystem, including banks, payment processors, vendors, service providers, enterprise messaging providers and MNOs. So, it’s fair to say that it will be essential for those in our industry to pay attention.
What is PSD2?
PSD2 is the next evolution of payment related legislation in the European Union, which requires Payment Service Providers (as defined above), to comply with a new set of rules on customer authentication and protection.
In short, PSD2 will bring a solid framework for both businesses and consumers when involved in taking, initiating or processing mobile payments as well as those processing communications related to mobile payments within the European Economic Area. PSD2 is set to bring payments within the EU market into the digital age, whilst ensuring that all those involved are playing by the same set of rules.
PSD2 In The Cloud Communications Industry
A common misconception with PSD2 is thinking that it only applies to payments, but as stated earlier, it also applies to those working with financial service companies – including SMS and Cloud Communications companies who work with non-bank third party providers to process payments and services.
PSD2 will see new formalities introduced in terms of authorization, new authentication standards will be required, resulting in significant changes to how financial services companies are expected to authenticate their customers.
These new authentication standards require vat a minimum the use of 2 Factor Authentication (2FA). PSD2 gives full support to SMS as it will make 2FA mandatory as a verification method, which means that payment companies will need to start using this kind of authentication to verify customers if they are not already doing so.
As a result of PSD2, both payment institutions and mobile payment service providers will need to review their existing security mechanisms and support processes against the security standards set out by PSD2 and ensure they are fully compliant.
The enhanced security proposed by PSD2 extends out to enabling ways for Mobile Network Operators (MNOs) to protect their systems from hackers and fraudulent attempts to access sensitive subscriber information. As a core element of the financial services sector, MNOs will need to work with Cloud Communications companies like CLX and their sister company Symsoft, to ensure their systems are compliant with PSD2, using Firewalls to enable safe communication in terms of the new guidelines.
The ultimate objective of PSD2 is to facilitate the development of an EU wide market for payments, to promote innovation in the EU payments space and to increase competition and consumer choice. PSD2, once implemented, has the potential to make things easier for many businesses by bringing a clearer and more consistent approach to payments, particularly non-card online payments.
Mobile consumers, in particular, are more likely to expect new and secure payment options – PSD2 is poised to fulfil these expectations by offering the necessary framework to make it happen.