With the deadline of the 14th September fast approaching, the need to have the new security standard for online payments implemented is ramping up the pressure on the industry. PSD2’s new SCA (Secure Customer Authentication) requirement will have a big impact on the way merchants take payments from customers. TFT caught up with Brad van Leeuwen, VP of Partnerships and Marketing at Railsbank to shed some light on the new regulations.
TFT: Is there a risk of the sector becoming complacent with the delayed SCA deadline?
Brad: It seems as though the card schemes will require issues to have everything in place by the original deadline and online merchants using any of the large acquirers will largely have it taken care of for them. The one obvious gap will be SCA for non-card payments where it looks like there is still a lot of work to be done and many providers will be grateful for the extension.
TFT: Will increased online checkout security negatively impact consumer sales?
Brad: Adding extra friction to the checkout process may result in a short term increase in abandoned carts and therefore consumer sales.
In the medium term, I expect it to accelerate the shift towards solutions like Apple Pay that embed the authentication in a really low friction way, and to subscription models that will only require SCA on the initial payment.
TFT: Could PSD2 compromise customer data and will this conflict with GDPR?
Brad: Personally identifiable information and financial data is extremely sensitive and needs to be treated with the utmost care. My personal view is that the essence of both GDPR and the data elements of PSD2 is that the data subject owns their data and should be able to control it and access it on their terms.
TFT: Does PSD2 fully address the need to break up the monopolies held by the big banks before the financial crisis?
Brad: PSD2 is part of a wider ecosystem of policies designed to increase competition in financial services. Looking at the market share data in the UK for example, the market is still dominated by 4 banks and so we’ve got a long way to go, but regulators like the FCA recognise the challenges and continue to facilitate competition. Key gaps around access to payment systems and safeguarding accounts still exist and in some cases are getting more challenging for new entrants; you could even argue that some banks are acting anti-competitively.
TFT: What legislation would you put in PSD3?
Brad: People and businesses deserve access to all their data, not just the data that is held within payment accounts. I hope PSD3 brings all financial products in scope. Also, PSD3 needs to take more steps to compel banks to facilitate competition, particularly with regards to working with other financial institutions, especially startups.