.svg)
For the UK and the EU, the issues surrounding strong customer authentication (SCA), and its parent regulation, the revised Payment Services Directive (PSD2), are set to continue causing even more potential headaches for the payments world.
Although SCA was introduced at the start of 2021 for the EU, implementation has been staggered in the UK.
But now, payments firms and merchants are counting down the days for the full implementation of SCA in March — something that UK Finance warned about last week.
It could be a key driver of change in the UK, said Gary Prince, vice chair at SimplyPayMe. “The can was kicked down the road, but now it is coming in. We aren't sure whether there will be friction and whether there will be a customer drop off.”
There is also the issue of how SCA will interplay with the rise in authorised push payment (APP) fraud and phishing, he said. “Banks want to send text messages with OTPs [one-time passcodes] to comply with SCA, and it remains to be seen how much of this fraud will be captured by the requirement."
This is also a debate that is still being had in the EU.
According to the European Banking Authority (EBA), SCA has already had a tangible impact on fraud on the continent. In a report published in June 2021, the banking watchdog’s data showed that in the period between June 2020 and April 2021, the average value of fraudulent transactions across the EU had decreased by approximately 50 percent from 0.12 percent to 0.06 percent for issuing payment service providers (PSPs), and by approximately 40 percent from 0.17 percent to 0.10 percent for acquiring PSPs.
“The EBA seems quite confident that the amount of fraud is being reduced, but this has all been blurred by COVID and people in the payments ecosystem want to know whether it was worth it,” said Thibault de Barsy, chairperson of the Payment Association EU. “For example, what we hear from members is that one reason it hasn't been catastrophic is that it is not fully implemented.”
However, there are also complaints about a higher rate of rejection and lost transactions, he noted. “Ultimately, the regulators need to compare the loss of revenue and the reduction of fraudulent activity."
PSD2 and EU/UK divergence
Following the Brexit vote, PSD2’s SCA requirements were one of the first areas of substantial divergence between the UK and EU, not just in terms of a staggered implementation but also how the UK has been quicker to redefine rules around the SCA required for account information service providers (AISPs).
Other areas as well have seen the UK motivated to diverge, such as the upping of the limit on contactless payments.
This parting of ways is likely to continue as the EU forges ahead with its own regulatory agenda, according to Max Savoie, a partner at Sidley Austin. “The rubber hits the road with regulatory proposals such as MiCA [Markets in Crypto Assets regulation] and PSD3, on which we could see substantive divergence,” he speculated.
"Of the areas in PSD2 most likely to be re-looked at, there was such a big battle around third-party providers and access to payment accounts,” he said. “I would be surprised if this wasn't revisited when the commission considers changes. Another thing that the commission is hinting at is digital identity, and how payment services providers communicate with one another, as well as with consumers."
It makes sense that the European Commission could look at these areas again, Savoie suggested. “When it comes to issues like providing access interfaces to payment accounts, there are quite complex and prescriptive rules that are not always perfectly tailored to all use cases in the market. The regulators and policymakers who came up with these rules seem to have had specific use cases in mind.”
For Savoie, these might make sense in the context of a retail bank account, but they do not always translate easily in the context of B2B products.
“There is a discussion on whether there will be a change to the Level 1 text, or whether the commission will open this up to the Level 2 technical standards,” said Robrecht Vandormael, Brussels-based partner at FTI Consulting, discussing the EU legislative process, which often has a second level of legal text for financial services regulation.
Level 2 measures are often used to provide guidance on complying with an EU regulation, be that through so-called delegated acts or implemented acts. With SCA, the Level 2 text was developed by the EBA.
“With the latter, a lot of optimisation can be done in terms of Open banking API and SCA with the current limits on contactless transactions. In the UK, this has been done already, and increasing that limit needs to happen in the Level 2 text."
Diversification and open banking dilemma
Although the vaccine rollout has afforded much of Europe a return to some normality, experts believe that the march toward digitalisation shows no end in sight.
"In 2022, we will continue to see the acceleration of digital payments,” said Vandormael. “Consumers and merchants would appreciate government initiatives to boost electronic payments so that they always have the capability to use this method at the point of sale.”
Payments is a volume-driven business, said Savoie. “You position yourself through being faster or convenient. Commercial trends this year will rely on making it easier to connect consumers to merchants, as well as making it easier to pay.”
“My sense is that a lot of providers are also starting to diversify how payments are made. Firms that did remittance products are now looking at the possibilities with FX [foreign exchange], and the store of value. They don't want to provide just one thing,” he predicted.
Beyond this, the push towards open banking is likely to continue in Europe. The UK’s open banking body, for example, released statistics recently that reveal 4m people are now using open banking products.
Although 4m users may seem relatively small, the Open Banking Implementation Entity also showed significant year-on-year growth. Last year, there was a 60 percent increase in new customers (up from 2.8m in December 2020).
At the end of 2021, cumulatively more than 26.6m open banking payments had been made — an increase of more than 500 percent in 12 months.
Nevertheless, this is still an extremely small share of 30bn-plus non-cash payments in the UK.
"Open banking is great for merchants, but doesn't have a hook for the consumer,” said Prince. “The consumer doesn't perceive it as different to how they usually pay as the debit card is still there, and for the consumer, is their bank account.”
However, Prince predicted that there will still be more traction for certain open banking use cases, like bank transfers. “There will be some uptake but not as much as the industry would like."
"What history has shown us is that change takes much longer than you think. People don't go out to make payments, they go out to get things and the payment comes at the end of that journey,” he summarised.
