Payment service Directive PSD3
10 January 2023, 2:35 (CET)


Why businesses need to be ready

Payment Services Directive 2 (PSD2)1 was a game changer. Coming into force in January 2018, it introduced rules requiring banks to implement multi-factor authentication for all remote transactions, made it obligatory for banks and PSPs to share certain data with third-party providers (with consent), and improved transparency across currencies and channels.

These changes improved security and lessened the risk of fraud—improving confidence among consumers—made it possible for service providers to substantially improve customer experience with data, encouraged competition, and allowed for the growth of alternative payments aggregators that have smooth the way for better business.

In this blog:

  • What is PSD2?
  • What is PSD3 and how does it differ?
  • Three ways PSD3 will this impact businesses
  • How can SEPAexpress help?

What is PSD2?

PSD2 hasn’t been without issues. Here are some of the key areas where the framework still isn’t up to standard:

Fraud Prevention PSD2 has done a lot to mitigate fraud and reduce its impacts. SCA, pre-authorisation of card payments, obligatory dispute resolution procedures for PSPs, and rules around protection coverage and limits to payer liability in the event of unauthorised payments have all had a positive impact. But there are still holes in the process. Ana Climente Alarcon, head of open banking at digital bank BBVA Spain, says that ‘regulating the possibility of quick recovery of funds in case of fraud is a must,’ and that new anti-money laundering measures are required for the reality that immediate payments have introduced.

Friction with SCA While SCA is a great safety measure, in its current form it can create friction between customers, merchants, and PSPs. Under PSD2, third-party providers must require customers to re-authenticate and give consent every 90 days in order to access their account information, leading to calls to extend the time limit. Ghela Boskovich, Head of Europe at the Financial Data and Technology Association, says that ‘getting the authorities to acknowledge that the 90-day re-authentication requirement actually hindered the end-consumer’s ability to stay connected to services, move their data and their money, and leverage innovative services and products to maximise the economic value of their money’ is crucial. 2

Fragmentation One of PSD2’s stated aims was to solve the issue of fragmentation in Europe, and while open banking has had a significant impact, but problems persist. There’s still room to make the specification of API standards, directory services, and infrastructure more precise, helping EU member states to align their efforts.

What is PSD3 and how does it differ?

PSD3 is the next update to the Payment Services Directive framework, and is expected to be drafted in early to mid-2023. Currently at the consultation stage, it’s hoped to amend the current legislation to make payments faster and safer while aligning better with the EU’s legal framework. Many believe that PSD3 will plug the gaps in PSD2. Here’s how:

Promoting cross-border European payment solutions

By encouraging more transparency, clearly specifying API standards, and regulating ‘triangular passporting’ where an authorised PSP in one country uses the service of an agent in a second to provide payment services to customers in a third, PSD3 could help to smooth out the kinks that currently exist between EU member states.

Developing a competitive and innovative payments market

By extending regulations to payment transactions using crypto assets, BNPL services, digital wallets, and payment processing services, PSD3 will keep this fast-growing market in check, promoting competition among service providers, and encouraging them to innovate so as to better serve customers’ evolving needs.

Providing better, more secure payment infrastructure

Reducing the friction caused by current SCA requirements would improve efficiency and customer experience, but PSD3 will also seek to ensure widespread adoption of high-standard security protocols by updating current requirements for compliance and oversight.

Supporting the international role of the euro

By facilitating cross-border payments, aligning EU member states, and improving customer confidence with increased protection for payments made outside of the European Economic Area, PSD3 will help to support a deeper and more complete Economic and Monetary Union, improving the standing of both Europe and the Euro internationally.

What is PSD3 and how does it differ?

If PSD3 is done right, it could lead to dramatic improvements for the whole payments industry—sparking innovation and facilitating transactions in Europe and beyond. But as with any big changes, challenges are likely to arise. Here are three ways PSD3 may impact businesses:

  • Updated specifications for APIs and infrastructure will ultimately benefit PSPs and businesses since transactions will become easier. But meeting these new requirements could be time-intensive and costly for many who aren’t currently up to scratch.
  • Improved security is good for everyone, and while extending the SCA period will reduce friction, other security updates may raise compliance challenges for PSPs and businesses, requiring additional manpower to ensure all activities are legitimate.
  • Increased regulation always puts pressure on business, though in the longer term it can lead to innovation and better practices. However, it will mean that some alternative payment providers need to adjust their activities, and compliance will be important since penalties can be enormous.

How can SEPAexpress help?

Even positive updates in legislation can put pressure on PSPs and businesses to change their practices accordingly. And one solution is to engage with an alternative payments provider whose job it is to tow the legislative line and do the work for you.
When selecting and integrating a direct debit provider, PSD3 makes raises questions that should be considered to reduce work and maximise revenue:
Are their solutions compliant across Europe and the UK?
Are they using best-in-class security measures?
Can they provide quick reconciliation and chargeback status updates?
How up-to-date and universal is their infrastructure?
Can they identify the account holder for reduced fraud?
Can they be easily integrated with our current systems?

Final Thoughts

While conducive to the ongoing evolution of the payments space, new regulatory frameworks can create additional overheads, eating into your business revenue and profit margins. Adopting direct debit payments from a best-in-class provider can help businesses transition smoothly to any new measures, remaining fully secure, compliant, and profitable. To learn more about open banking, alternative payments, and the benefits of a top-class direct debit solution, get in touch today. All you need to know about SEPA Direct Debit.

1 pwc: PSD2 – a game changing regulation. What challenges and opportunities could the new directive provide? [online] [06.12.2022]

2 Duncan, Elli: OPEN BANKING EXPO (2022, 30. March): Feature: The journey from PSD2 to PSD3, [online] [18.11.2022]

3 OPEN BANKING EXPO (2022, 15. March): FCA’s deadline for SCA implementation for e-commerce transactions expires, [online] [06.12.2022]

contact us

Download & Copy

More blog posts

contact us


Julius Bosse

Download & Copy

Just click here


b4payment GmbH i.L.
Osterhofener Straße 16
D-93055 Regensburg