The new European directive on payment services, known as PSD2, enters into force today with the objective of improve the security of online transactions and reduce fraud in banking operations carried out through the internet. To achieve this, the standard introduces a series of changes in the procedures so far established that will affect both consumers and financial institutions.
One of the main novelties is the requirement that electronic payment transactions be made with enhanced authentication. What does this imply? That when the user pays or sends money through the network, he must use a method that meets two of these three requirements: possession (for example, a card or mobile), knowledge (for example, a password) or inherent (a biometric element such as fingerprint or facial recognition). If this double authentication is not enabled, payments may be rejected.
"For the user it is good because it adds a lot at the security level," says Olivida Feldman, co-founder of the financial comparator Helpmycash.com.
With this new way to shop online, consumers will only have to pay the first 50 euros spent with their card when it is lost or stolen. Before, the amount they had to face was 150 euros.
The mobile, essential
From now on, it will be necessary to have a mobile phone to enter online banking, where the new requirements of enhanced authentication also apply.
Banco Santander and Bankia, for example, have informed their customers that in order to access their online bank accounts or the application they will need their Current password and a code that you will receive by SMS on your mobile device. The second security factor will only be required the first time it is accessed and when more than 90 days have passed since the last time the double authentication was requested from the user. In addition, there are entities such as Laboral Kutxa or ING that have deleted the coordinate card, so to finish the purchase the user will have to receive an SMS or download the application.
Another contribution of the Community rule is that relating to "open banking". Financial institutions will be required to give access to the accounts of its customers, if they authorize it, to third companies (TPPs) that can carry out information aggregation services (collects the financial data that the client may have in bank accounts of different entities) and initiation of payments (allows to initiate a transfer of a bank account from the application of this provider ). Before, these "third party providers" did not have a legal framework in Spain that allowed them to provide and receive these services with due legal certainty.
“For consumers it is a step forward, especially on a key issue: the data is no longer owned by a bank or a "fintech" and becomes the property of the user », says Patricia Suárez, president of the Association of Financial Users (Asufin).
From Banco Santander they see "positive" the appearance of these third companies because "it opens the market and improves competition", but they warn that this new scenario requires "a special awareness of customers about risks of sharing your information, and must be attentive to the treatment policies and authorizations provided to third parties ».
Given the complexity of the directive, the Bank of Spain announced this week that allow more time for payment service providers to adapt to the new requirements. Industry sources estimate that the moratorium will be one year and a half.
«This creates the opportunity to apply a technology that does not harm sales, but also the threat of being left behind if you do nothing during that time, ”says Raúl Legaz, director of Biocryptology, a company specializing in biometric technology.
For electronic businesses that already had reinforced authentication, the impact of PSD2 will be limited, while those that do not have these security levels should adapt the payment gateway and migrate to the new safer procedure.
Antonio Fagundo, lawyer and CEO of Masaltos.com - Sevillian firm of men's footwear - highlights that the directive will allow them to enter new financial operators and that it will be they who will have to adapt and "make life easier for electronic businesses and consumers." In your company, a good part of the sales come from the digital channel.
«Until now the user got into a web page, paid with a card and from there generated a series of commissions. One that pays the website to the bank and another that pays the consumer. This can make it disappear, ”says Fagundo. "If the customer does not pay by card and uses any of the new payment methods offered, we will take off the two commissions," he continues.
Renee Robbie, general director of payments for SiteMinder, a platform for attracting travelers focused on the hotel industry, points out that “the new regulation will inevitably modify online payment methods as we know them today and will force the hotel industry to prepare for a new change».
Of course, Robbie points out that this change is "essential" for guests to trust intrinsically in hotels, especially when making reservations through the hotels web since in many countries there is a distrust. «Recently I read that a hotel in Budapest had charged the card of a guest the equivalent of 56,000 pounds by mistake instead of 169 which is what the room cost. I imagine that with the new regulation, this type of errors will not happen again, ”he concludes
. (tagsToTranslate) directive (t) payments (t) entry (t) force