With PSD3, the EU will enhance fraud prevention and data security while fostering innovation in financial services and giving consumers greater control over their financial data.
By the end of this year, the EU will bolster its fight against financial fraud by introducing stronger regulations and enhanced security measures for digital payments across the region.
PSD3 will introduce new rules to prevent fraud linked to digitalising our habits and emerging technologies, like generative AI. It will also update the rules on who is responsible when fraud happens, aiming to protect users better and encourage awareness and understanding of digital payments and fraud prevention. It builds on the foundation laid by PSD2, addressing its limitations and introducing new measures to keep up with the evolving digital landscape.
As Rainer Olt, Head of Payment & Settlement Systems Department at Eesti Bank, says:
“PSD2 introduced Strong Customer Authentication (SCA) and a secure framework for Open Banking, successfully reducing fraud. In PSD3, SCA remains central to fraud prevention, potentially driving the adoption of national eID solutions, including the future EU Digital Identity Wallets, for customer authentication and payment authorisation, while ensuring accessibility for those without smartphones.”
“Most likely best in class will be the ones that combine all necessary solutions helping to prevent fraud from happening without requiring banks to implement multiple connections and infrastructures.”
Rainer Olt, Head of Payment & Settlement Systems Department at Eesti Bank
The change will fundamentally change the payment industry. With access to cross-border payments and introducing a new EU digital identity for all European citizens, banks and financial institutions can now reach all Europeans as potential customers, expanding beyond just regional consumers.
“It will make it easier for me as a consumer to open a bank account wherever I like, take a mortgage in another region, and pay my service providers wherever they are. All with the bank I trust, prefer, or located in the country which is most convenient for me,” says Silje Nesvik, Managing Partner at BCG Bono Consulting Group and ex-Managing Director of Payments in EY.
Nesvik states that PSD3 will open new opportunities for banks, fintech companies, and third parties. It will allow them to provide innovative consumer services by leveraging financial data through Open Banking APIs and various financial service ecosystems.
Don’t miss out: Catch the latest Nordic Fintech Magazine here
Dashboard revolution
The PSD3 was approved in April of this year. Most payment institutions are well-prepared to meet the new requirements and ready for the implementation timeline. However, the changes also bring new responsibilities, especially in managing and safeguarding data, Nesvik notes.
Consumer dashboards, which will soon be mandatory, are expected to be the most impactful feature for users. They will give insights into how data is used and accessed, potentially changing user behaviour and requiring payment service providers to monitor emerging trends.
“This can potentially be the most innovative and user-friendly consumer data management service in a long time,”
Silje Nesvik, Managing Partner at BCG Bono Consulting Group and ex-Managing Director of Payments in EY.
“To aggregate consumer data in a user dashboard, you also need to have absolute control of your data and data management, which needs to be designed for that purpose. With many changes simultaneously and with a short implementation time, it can be difficult for many institutions to achieve and meet this requirement in time,” Nesvik says.
This shows the importance of following the regulations and managing data carefully. Still, balancing that with creating new and useful data dashboards for consumers can be tough.
“This can potentially be the most innovative and user-friendly consumer data management service in a long time,” Nesvik adds.
Trust in wallet
Data sharing under PSD3 involves both Open Banking and fraud prevention. The main goal is to minimise the amount of shared data, ensuring that only necessary information is accessed by third-party providers, which aligns with GDPR rules.
Regarding fraud prevention, new rules will allow payment service providers to share certain data (such as user location, transaction history, devices used, spending habits, etc.) without explicit user consent.
“With PSD3, the race is on for building such information sharing and transaction monitoring solutions in addition to payee IBAN-name verification, most likely best in class will be the ones that combine all necessary solutions helping to prevent fraud from happening without requiring banks to implement multiple connections and infrastructures.” Says Olt
Don’t miss out: Catch the latest Nordic Fintech Magazine here
The Financial Data Access (FIDA) regulation proposal will regulate the sharing of financial data beyond payment account data necessary for Open Banking. This will set the framework for Open Finance and ensure that all consumers and firms have tools to monitor and control the use of their financial data.
“All this should increase trust in “wallet” solutions that, in addition to one-off payments, help optimise customers’ purchase and payment habits and find the best options for financing, insurance, or investments,” adds Olt.
This is where the challenge and the opportunities lie for a true Open Finance ecosystem.
“An ecosystem which can utilise all the beneficial data sharing schemes and be the platform for diverse offerings and services to consumers and the best playfield for innovation. FIDA will be the commercial version of the Open Banking infrastructure from PSD2 that never became a commercial success, but with FIDA, it may happen,” Nesvik says.
