Close this search box.

This Banking Regulation Lets You ‘Travel’ Online, Anywhere in the EU

There is weak cohesion within Europe’s financial system. From country-to-country, making payments is confusing and messy. PSD2 promises to change this.

Gregory Dickens

We believe in expanding outreach. Find out how you can use our work.

If you’re an avid traveller you may have noticed Europe has a fragmented payment services system, with no cohesion from country-to-country. But just like you can take a one-hour flight and be in a new country, one piece of banking regulation promises easier ‘travel’ between financial systems.

As an American who worked for 5 years as a banker in London, I came to learn all about this regulation called the Second Payment Services Directive (PSD2). PSD2 is a 2018 EU-wide directive designed to force providers of payment services to improve customer authentication processes and bring in new regulation around third-party providers. It sets basic general standards that individual countries must translate into local legislation, taking into account local nuances while meeting the shared objectives. 

Envision you’re going to the airport. You check-in, go through an initial screening, followed by customs, then boarding. Every airport follows the same security processes, right? PSD2 is like this. A universalised set of steps that lead you to the same goal: security and flexibility of your personal finances. Take a seat. Let’s talk about PDS2. 

If PSD2 ultimately delivers what it promises, it’ll have a significant impact on businesses, as well as everyday Europeans.

With a financial services industry that’s more inclusive and competitive, there’ll be more opportunities for startups and SMEs. These new entrants will be the fresh blood that makes banking fairer and more accessible for the average consumer. 

According to EU law, all banks must share customer data with third parties and allow them to initiate transactions through the bank on behalf of a customer. This means if a customer gives their permission, another company has the right to access that customer’s banking data. 

Common third parties include accounting and ERP systems that directly link banking data to automate tasks (such as reconciling bank transactions with accounting ledgers). A FinTech (a financial technology company) might create an interface and populate it with a customer’s bank balance and transaction data, delivering a more user-friendly dashboard than the bank’s existing applications. 

This democratises the ability to send payments from a closed club of banks, to an unlimited network of new companies who can compete with each other (and the banks themselves). 

A challenge for banks, an opportunity for startups 

The barriers for big banks lie in their size and complexity. There’s a lack of clarity on how PSD2 will be implemented and enforced in all of the individual countries that they operate in. As a result, many large banks across Europe were dreading the arrival of PSD2 and as of 2020, many were still not fully in compliance

But one thing is for sure, they must alter their inflexible technology systems to create application programming interfaces (API’s) that open up their technology platforms to outsiders. In an interview with Finovate, Todd Clyde, the CEO of FinTech predicted these bank growing pains would lead to a three-step journey to adopt PSD2: 

  1. A period of stabilisation as banks work to get fully compliant to deliver the technology changes that they were required to. 
  2. Followed by data sharing as FinTechs feel they can test solutions built around ‘low-risk’ technology such as integrating balance and transaction data. 
  3. The end-state of payments integration, which comes last, because a solution can’t be built around an unstable bank integration that might fail in the seconds one requires to make a payment. 

We’ve seen banks working to stabilise, and as a result, the FinTechs are able to use more and more banking data. Payment applications have predictably lagged behind due to their complexity and high-risk nature. PSD2, even with all its got to offer, is another hurdle. Like airport security checks – they are there to keep you safe, but you want to get through it as fast as possible.

The ‘strong customer authentication’ mandate  

Every time you log into your account or pay for something over a certain value, a second form of authentication is required – just like if you’re going through an airport and are asked to show your passport again at a different checkpoint. 

For credit cards, transactions under a certain value can be quickly conducted contactless. While more sensitive, bigger transactions require you to punch in a pin code. This multi-factor authentication was already standard in in-person credit card transactions, but PSD2 brought this concept to all transactions, including online purchases. 

The credit card schemes had previously tried to offer a solution in this space with 3D secure (3DS), but it’s widely seen as a conversion killer for online sellers – another step in the checkout process to rethink your purchase. 

With the arrival of PSD2 and corresponding local implementation, merchants can’t opt out of this – they’re now obliged to maintain 3DS on all transactions over a certain amount.

Unfortunately, the merchants’ fears have come true, with conversions having fallen by 50% in some countries. This has led to unhappy sellers, as well as less than satisfied customers who felt the experience was too clunky. Small businesses and buyers both lose out. 

This is what will come to mind when you think of PDS2. Changing this perception will require a collective effort of banks, card schemes and FinTechs to create more viable solutions – the experiences first promised by PSD2. 

A faster way of getting there 

The big players like Mastercard and Visa are pushing to modernise their 3DS protocol and make it more user-friendly. The second generation of 3D secure, or 3DS2, is now widely used and relies on one-time passwords and mobile apps for verification, rather than easy-to-forget logins. But authentication from the card schemes is not the only option

PSD2 also allows for Delegated Authentication, which means that through bilateral agreement, responsibility for authentication of transactions can be shifted to the merchant or another third party. 

This is quickly becoming a preferred option for larger merchants, as they are likely to know their customers better than a bank or credit card company.

This opens the door for tech-savvy merchants to take ownership of their payment process and remove the friction. This makes for smoother ‘travelling’ online, when you’re making purchases. 

Alternatively, authentication can also be transferred to a third-party, so there’s the possibility for wallet and payment-service-providers (PSPs) to create better services that reduce bottlenecks on behalf of smaller or less tech-savvy merchants (the security lane pre-check fast pass lane, per se).  This has raised the stakes for FinTechs that are racing towards the Super App, what Stocard CEO Björn Goß describes as a ‘fusion of shopping, payment and financial services in one wallet app’ on a mobile phone.

One universal ‘wallet’ 

The one wallet-app could authenticate a user under Delegated Authority, solving all of the Strong Customer Authentication pains, and allow shoppers to pay without friction across any number of merchants. For example, you could login to a FinTech’s app and do all of your shopping there with payments automatically taken care of in one click. It’s similar to what the digital passport is proposing for the future of travel. 

For our convenience-loving culture, this is an exciting notion. Well-funded players like Revolut and N26 have the early lead but there’s plenty of niche players vying to get a toe-hold in the marketplace. 

The super app might be the most lucrative prize for FinTechs, considering a pan-European target market and the opportunity to get a percentage of every transaction a customer makes. It’s not, however, the only place that’s drawing new entrants. Since PSD2 went into effect in 2018, FinTechs are raising significant funding rounds who are either aggregating customer data in an interesting way or acting as an accessory to a transaction. 

There are plenty of examples of this. For example, the ‘buy-now, pay-later’ startups modeled after Klarna that are making consumer credit easier to access or France’s Joko app that offers rewards and savings incentives for every purchase. 

PSD2 from a new perspective 

While some FinTechs are using data from banks to create interesting solutions, we have not yet seen the possibilities that will launch from PSD2. Once this happens, these new apps will make your financial life easier and cheaper in the EU. More choices, less checkout delays. 

Hold onto your seat to find out who will pull this off. One thing’s for certain: Europe’s commerce will take off with it. 


Gregory Dickens

As an American who studied in Spain, worked in banking in London, and has now started a digital business in Estonia while living in Greece, I think that I fall squarely into the category of an Accidental European. I worked for Citi in New York and London for 7 years across technology, operations, strategy and sales roles before moving to Greece and becoming the CFO of a venture-backed Greek startup. I’m currently building Epilocal, a fully digital business founded through Estonia’s e-residency, that is focused on empowering local communities through independent publishing. I’m also actively involved in mentoring startups in Athens. I received a Bachelor’s Degree in International Finance and Marketing form the University of Miami in the USA and a Master’s in International Management from IE Business School in Madrid, Spain.