PSD2 helped drive electronic payment and data-sharing volumes while enhancing

security.

So why is the EU proposing to enhance it with the new Payment Services Directive 3
(PSD3) and Payment Services Regulations (PSR) package, and what does this entail?

1) Gaps in the regulatory application of PSD2. The new framework will create a
consistent regulatory environment with mandated APIs. PSD2, in large parts, will be
amended and replaced with the PSR. There will also be a strengthening of enforcement
rules, licensing and penalties.

2) The need for a level playing field for non-bank payment providers and banks.
Inconsistent application put payment providers at a disadvantage, depending on where
they operate. PSD3 will also go further in giving payment and e-money institutions the
right to directly access settlement infrastructures across the EU.

3) The emerging fraud landscape. Even with strong customer authentication (SCA),
fraud remains a significant and evolving threat that poses the risk of consumers losing
confidence in payments. PSD3 aims to enhance payment transparency and security by
introducing:

 Validation similar to the ‘confirmation of payee’ used in the UK;

 A liability model for cases of authorised push payment (APP) fraud; and
 Transaction monitoring to facilitate the application of SCA.

Access to cash remains a priority—transparent ATM charges and allowing customers to

withdraw cash in shops without having to make a purchase are two additional
proposals.

4) Evolution of the Open Banking standards / functionality with an emphasis on

enhancing consumer access and useability. More detailed API specifications (e.g.
for a permissions dashboard), with clear standards, will increase both performance and
availability. This standard aims to drive cross-border innovation and services and even
extends to wider access to data with the Financial Data Access (FIDA) regulation as
part of the overall regulatory package. FIDA is a framework that governs access to and
use of customer data; there will be a new scheme for data holders to comply with.
These proposals will be reviewed by the European Council and Parliament, with
application likely to happen from 2026. Yet their impact will soon be felt by all types of
financial and payment institutions.

So what are the expected industry impacts?

Just like PSD2, this is a transformative piece of legislation that will affect the entire
payments ecosystem. However, the scale of change and the opportunities will differ
greatly among banks, payment service providers and technology service providers.

For banks: The obvious impact will be on significant cross-functional investment (e.g.
across IT, Operations, Security, Risk, Compliance, etc.) that will intensify existing cost
pressures. However, this should be seen as an investment with three goals: to comply,
to protect their existing customer bases, and to seek opportunities to capture market
share. All three will be supported by PSD3’s greater access to data (driving new
propositions and revenue) and enhanced security, which will increase competition.
Banks are already in a strong position with their existing relationship with customers.
The potential upside lies in strengthening this and capturing new relationships, while the
downside is the prospect of losing it altogether.

Commercially, there is even another incentive: the offset of investment costs by lower
fraud reimbursements. Overall, therefore, a proactive cost / benefit analysis and
operating model readiness for PSD3 is a surefire way to prepare for the opportunities it
presents.

For PSPs: The investment case still needs to be made, but clearly the opportunity size
is greater. Increased customer confidence and access / transparency with dashboards
will bring new customers to existing API-enabled propositions. Also, similarly, with other
financial institutions, standardized rules and name checks hold the potential to reduce
operational costs and fraud-related payouts. Supporting this, cross-EU market barriers
have been lowered with consistent application of PSD3 across member states. This has
opened up new markets. Innovative and targeted product development by PSPs can
exploit this expanded market reach.
For technology service providers: We only need look at the opportunities for banks to
recognize that the same is true for TSPs. With fraud mitigation being a key part of
PSD3, TSPs stand to benefit from investment in robust fraud prevention solutions.
There is also the need for newer areas of technology and services: from API
standardisation to name checks, data access interfaces and dashboards. TSPs will do
well to focus on new product development and support for and/or partnerships with
banks.