The financial security of online transactions in 2020: what will the effect of PSD2 be?

In an ever-more connected world, online financial transactions, from viewing bank accounts to making payments, are increasing at a steady rate: in 2017, more than 1.5 bn people globally made an online payment; over 2bn are expected to do so in 2019.

In France, 6 out of 10 people regularly make mobile payments. This appetite for service is encouraging both traditional players and fintechs to take positions on the online banking market. Many solutions are now being deployed at large scale, something that requires appropriate regulation.

PSD2, the revised EU Directive on Payment Services, is part of the picture in developing electronic transactions. It represents a new step in standardizing financial exchanges, and follows PSD1 and the recent OpenBanking UK work.

As the number of players in the market grows, the number of solutions being deployed for user authentication and the security of financial operations is increasing. Such solutions may draw on means of exchange already recognized as secure (for example, EBICS and SWIFT)—but these are not well placed to meet the growing need for real-time access to data.

The purpose of the directive is to provide a regulatory framework for both banking and non-banking players, while also promoting competition.
To do this, the directive defines three types of services carried out by payment service providers:

As a condition of allowing banks to access data via their ASPSP, the directive requires them to deploy a new interface which incorporates a set of security measures that enables the services to be offered securely.

PSD2 represents a milestone in strengthening the security of payment services. It puts in place measures that take into account the needs of the increasing number of digital players. As we stand, however, it contains limitations that constrain what the security mechanisms can offer.