
Meeting consumer expectations with payment security

As living costs rise and strain family budgets, fraudsters and scammers seize the chance to prey on individuals and businesses. Since 2020 there has been a noticeable uptick in social engineering and phishing endeavours, and this trend will continue to rise in 2023 and beyond, according to LexisNexis, meaning the need for powerful payment security is greater than ever.

Today’s digitally-driven marketplace demands a seamless, efficient payment process, but more importantly, it demands security. With the increasing use of eCommerce and online transactions, payment security has never been more essential.

Let’s delve into this pressing issue, examining the current landscape, the emergence of PSD3, and how businesses can stay ahead of the curve.

The current landscape of payment security

The rise of cyber threats and high-profile data breaches has led to heightened concerns among consumers. Payment security isn’t just a preference – it’s an expectation. A security mishap can erode consumer trust in businesses, impacting their bottom line and reputation. 

And the realm of payment security is rapidly evolving. Traditional methods like passwords are becoming obsolete, replaced by biometrics and two-factor authentication. 

The use of machine learning to detect fraudulent transactions, blockchain for secure record-keeping, and tokenisation to hide sensitive data are now prominent features of this landscape. Businesses, big and small, need to stay informed and adapt. Embracing these trends isn’t just about ensuring security but also about meeting consumer expectations and building trust.

What is PSD3?

PSD3, or the Third Payment Services Directive, is the latest in European Union directives regulating payment services in the internal market.

Released in June this year as a draft, PSD3 is accompanied by the new Payment Services Regulation (PSR), which will regulate PSP activities, and the Regulatory Technical Standards for Strong Customer Authentication and Common and Secure open standards of Communication (RTS on SCA & CSC).

While PSD2 focused on promoting competition and integrating the payment market, PSD3 dives deeper into security, focusing on authorisation and supervision of Payment Institutions (PIs) and Electronic Money Institutions (EMIs). 

Some of its notable changes include:

Levelling the playing field between banks and non-banks.

To reduce the dependency of payment institutions on banks, the European Commission is introducing payment market reforms. The Payment Finality Directive will allow payment institutions to hold funds at the central bank. Payment institutions or related entities can only be denied account services in exceptional circumstances. Payment system operators must offer direct access to all systems, limiting denial only in specific cases.

Data sharing

As a result of current limitations in data exchange between payment chain participants, “open finance” impedes innovation and customer experiences. Account servicing payment service providers (ASPSPs), often banks, will be required to provide a permission dashboard, streamlining access and permission management to promote responsible data sharing. The new framework allows banks to save money while adhering to GDPR rules. Specifically, sensitive health insurance and creditworthiness data will remain protected while facilitating data sharing to fight payment fraud.

Stricter authorisation regimes

A winding-up plan and higher initial capital requirements are among the new licensing requirements in PSD3. Payment institutions are encouraged to diversify their safeguarding methods to reduce concentration risk, potentially increasing operational costs. After PSD3’s enactment, existing e-money and payment institutions must reapply for licenses within two years. Current licenses will remain effective for 30 months, provided the new application is submitted before then.

Fraud prevention

The EU plans to combat emerging fraud methods, such as social-engineering tactics, by expanding free IBAN/name verification to all EU users to curb impersonation fraud. This verification is already under discussion for instant payments. The proposal also suggests that fraud victims can seek refunds from their bank or payment service provider under specific conditions like timely reporting and not being grossly negligent.

Strong customer authentication

Among the proposed amendments are those to clarify the scope of Strong Customer Authentication (SCA), which was introduced by PSD2, as well as ensuring that all users can access different methods of SCA by clarifying the application of SCA (for example, concerning virtual payment cards stored in mobile wallets).

Technologies ensuring payment security in line with PSD3

The implementation date of PSD3 and the transition period for the PSR have not yet been announced. However, it is not expected to be implemented before 2026.

Many businesses and payment service providers have already started to adopt advanced technologies to prepare for PSD3 compliance. These include:

Machine learning and AI for real-time fraud detection.

Biometric authentication adds layers of security for their customers.

Tokenisation ensures that sensitive data, like credit card numbers, are protected from hackers.

End-to-end encryption ensures data in transit is secure.

The payment security landscape, fueled by directives like PSD3, is advancing towards a future where transactions are both convenient and iron-clad secure. For businesses, keeping pace with these developments isn’t just about compliance; it’s about safeguarding their reputation and maintaining consumer trust. 

Choosing the right payment provider is a great step to support your journey towards PSD3. It should be one that’s well versed in the new requirements and equipped with the latest technologies to detect fraud in real time.

Secure the operations of your business with a payment solution ready for the modern challenges of payment security. Visit the Trust Payments website to learn more about digital payments made easy and embrace the future of digital payments, prioritising unparalleled security.

Security statement

Security is our top priority at Trust Payments and we strive to ensure that all data is kept secure at all times. We keep all customer data safe with AES256 encryption, SSL Certificates, and a minimum of TLS1.2, between your website and our datacentres.

Our systems are scanned quarterly using the Qualys PCI Platform, an independent Qualified Security Assessor (QSA) and approved vendors – Omnicybersecurity (UK) & Forgenix (US) – to ensure compliance with the security requirements of the card schemes.

We follow a number of rigorous security procedures on a daily basis including, but not limited to, continuous monitoring of our perimeter, dark web monitoring, and internal checks to ensure that the CIA triad is maintained at all times.
