Blog

Background top
Dec 09, 2021
Regulations

What is the relationship between PSD2 regulation and identity verification?


Have you ever wondered if the payment services of the online platforms where you buy are secure? We do, that’s why today we want to talk about PSD2, the regulation that is responsible for guaranteeing the protection and security of online buyers.

What is PSD2?

The PSD2 (Payment Services Directive) is a European regulation that aims to strengthen the security of users in electronic payments and, among others, speed up online transactions. It is responsible for regulating payment services, such as bank transfers, card payments, direct debits, etc.

PSD2 arises to combat the unstoppable increase in online fraud.

The PSD2 (Payment Services Directive) is a European regulation that aims to strengthen the security of users in electronic payments and, among others, speed up online transactions. It is responsible for regulating payment services , such as bank transfers, card payments, direct debits, etc.

PSD2 arises to combat the unstoppable increase in online fraud.

Why does PSD2 come up?

We must go back to 2007, when the European Commission launched the Payment Services Directive (PSD, from Payment Service Providers) in order to establish a common payment market within the European Union.

With the rise of internet shopping and a need for end-user protection, a revision of the PSD was proposed, from which the PSD2 arises.

Together, both regulations aim to protect the end consumer and reinforce the security of the payment market, in addition to promoting innovation and efficiency in the EU.

What is the objective of the PSD2 payments policy?

The main objective of this regulation is to facilitate and improve payments, while providing security during online transactions. To do this, it focuses on:

  • Provide greater security through technological processes and reinforced measures for payment services, as well as Enhanced Customer Authentication (SCA), facial recognition, etc.
  • Maintain control over privacy of data of customers and apply demanding security measures
  • Provide greater trust between businesses and banks, providing security in the media, in transactions and applying simplified procedures
  • Offer more security alternatives of services at a much lower price
  • Digitize and group all financial information in a single space and protected

With these measures, you ultimately aim to make shopping experiences faster and safer.

Specifically, what does PSD2 regulate?

PSD2 allows third parties to participate in financial services and therefore access customer data.

Before PSD2, the TPPs or Third Party Providers (basically, entities regulated by the large banks of the European Union, such as the Bank of Spain) were very limited when it came to expanding their services. PSD2 removes barriers in the EU, which is expected to see more providers and internationalization of existing providers.

In return, these entities must comply with the same regulations as traditional payment service providers (registration and verification of identity, authorization of payments, monitoring and supervision by the competent authorities).

Therefore, PSD2 regulates and clarifies both payment initiation services (PIS) and account information services (AIS).

By way of paragraph:

  • PIS (Initiation payment services): apps and platforms that serve as intermediaries for a bank account to make payments or transfers on the internet, such as Verse.
  • AIS (Account information services): apps and platforms that collect information from different bank accounts or financial services to track your expenses or help you save, such as Goin.

Authentication in PSD2

PSD2 implies new security requirements. With its entry into force, the Strong Customer Authentication (Strong Customer Authentication or SCA) is required, that is, the use of two authentication factors in banking operations (payments and access to apps or platforms website included).

Therefore, PSD2 authentication is a form of reinforced authentication for payment processes, it serves to protect the integrity of customers and prevent illegal activities such as identity theft.

And, with the boom in payments through digital media, fraud has increased within the European Union. So much so that the 64% of fraudulent operations with credit cards, in 2018, were remotely triggered by bad practices in the process of identity verification .

This authentication can be done through a temporary code (OTP) or biometric authentication, such as facial recognition.

Biometric authentication in PSD2

The biometric solutions biometric implemented in the authentication processes of the PSD2 regulation are increasing considerably, largely because they speed up consumer verification and because we are very familiar.

In fact, since biometrics was implemented in mobile devices, such as the fingerprint or the facial recognition for unlocking, we are all familiar with these practices.

In addition, on June 21, 2019, the European Banking Authority positioned itself in favor of implementing biometric methods within the identity verification processes in the PSD2 regulation.

PSD2 and identity verification

Authentication through the PSD2 regulation implies the process of identity verification , without this process the standard would not be fully met.

To carry it out, artificial intelligence and a biometric algorithm are used , which are capable of identifying a person and legitimizing their identity. This process applies to online card payments, transactions and, in general, to the entire payment process. On the other hand, the authentication process is fast, agile and secure. This is to prevent users from abandoning onboarding and not looking for alternatives to the entity itself.

See you on LinkedIn!