PSD2 Carries Over to the U.S. – Via the Phone in Your Hand
Let me ask you a favor. Could you put down your phone for just a minute? Unless, of course, you’re reading this on your mobile device.
It can be an uphill battle asking someone to put down their phone these days. I have a tween, so I know the struggle! One of the reasons we’re so reticent to do so is the sheer power contained within these devices. At this point, it controls the music, the temperature, the locks and even the lighting in your home, and that’s not even touching on its entertainment value, or its capabilities as a payment device. The device, in its present form, has been around for ten years now, and in 2017, it’s safe to say there’s no going back.
We’ve gained a device of amazing potential. All that’s left now is get to Lotus Land and to enjoy our perfect utopia, right? Not so fast! Take a peek behind the scenes and, as usual, we start to see some disputes have trickled in; wrinkles in our perfect plan where fraud has found a foothold and exploited the gap. All it took was a little time and inconsistency in implementation.
As usual, the point that fraud integrated itself into this new payment stream was rapid and caught many by surprise. It seems that there was no initial ‘gold standard’ best practice in the USA for the setup of third-party applications in the device, a product of the enrollment process being unique and the requirements thin, given the novelty of the channel.
If our device experienced an error or a breach, from any number of potential failure points such as payment credentials, contact and demographic information, anomaly detection or authentication, the potential impact could be disastrous. Coffee purchase apps become vessels for money laundering, ride-hailing services take fraudulent “test” cards for a spin, while other apps allow bad guys to swipe goods from virtual shelves and stuff them into the pocket where their physical wallet used to be.
In no time at all, our payments paradise has become the Wild West, all because some P2P money-moving services gave little or no regard to their potential for abuse by malicious third parties. The USA gave the collective internet shrug on the topic: ¯\_(ツ)_/¯
A new roadmap?
Enter the revised Payment Service Directive (PSD2), or as I like to call it, the new roadmap. This European standard contains requirements that form a standard baseline for data security and a set of policies to ensure that all players in the space keep it clean and secure. Its mandate includes authentication, fraud detection – and new acronyms/labels for the players.
This device-based disruption, which certainly shakes things up for European banks, will create winners and losers among payment service stakeholders. Make no mistake though, this will unify Europe’s payments market while making significant efforts to secure it as well. Residual benefits include greater efficiency, better-informed consumers and a more loyal and confident customer base that is willing to adopt these technologies.
While many countries continue to abide by username and password combinations, this PSD2 ‘Eurail’ train will continue full-steam ahead, promising a plethora of effective and balanced controls for the next generation’s payments landscape. As future parties in the EU open this Pandora’s box, they will receive the benefit of mandated, integrated security that is respectful of both the device and application.
The upside here is less shrugging and more scaling. Our faith in digital payments is keeping us firmly planted in the seat while our device – as innovative as it ever was – continues to fascinate us with the convenience it manifests. These benefits will continue to ensure we keep our devices close at-hand, so good luck putting yours down anytime soon. All we need now is for the USA to follow suit.
Related Blog Posts
The Race to Real-Time Payments in Europe
Instant payments have quickly morphed into the new norm, and as individual European nations forge a real-time, digital-first payments environment, they raise the bar for all financial institutions conducting business in the Eurozone. It’s no longer a question of “what’s the business case?” but a matter of how instant payments players can take advantage of the opportunities now being created.
Keeping Up With Fraudsters: A Month Isn’t Enough
As the Government of Canada campaigns for improved fraud prevention and awareness this month, I’d like to do my part as a fellow Canadian, and shed some light on why payments need to stay a step (or more) ahead of fraudsters, today more than ever.
Local Perspectives: Real-Time Realities Across Asia-Pacific in 2019
Money20/20 Asia returns to Singapore this week, attracting payments professionals from around the vast APAC region – and beyond. The real-time and open imperative is one of the reasons why all eyes are on Asia-Pacific when it comes to payments, so I caught up with ACI payments experts representing three of the key countries within the region, to take the pulse of real-time schemes that are in varying stages of maturity.
What it Takes to be an ‘Influential Woman in Payments’ [Q&A]
Coming off the back of International Women’s Day this past weekend, PaymentsSource has recognized the Most Influential Women in Payments, spanning multiple industries including financial services, retail, investment and technology. Among the honorees is ACI’s very own Carolyn Homberger, group president, global sales. Part of the executive leadership team at ACI, Carolyn leads a team of payments professionals operating across all global regions, and plays a critical role in setting business strategy. As an advocate for the leadership and growth of women in the payments industry, Carolyn is also responsible for launching ACI’s own Women’s Initiative.
Instant and Open Payments for Consumer Purchases – Lessons Learned From India and Beyond
Did you know that 65% of merchants want to accept instant payments? That’s because they know the customer experience (CX) benefits will drive growth for their business, and they recognize that this payment type will save their business money.
What it Means for a Bank to be Real-Time Ready – It’s More Than Just Payments
Banks are quickly learning that real-time enablement of the business is more than just a technological upgrade – there is a wider challenge of transforming services and customer experience. Although the banking world faces this challenge with some trepidation, there are success stories from other industries that have overcome legacy technologies and transformed frustrating and opaque customer experiences.
What We Talk About When We Talk About Digital Transformation
The recent headline grabbing announcement that Banco Santander has signed a USD $700M contract with IBM got me thinking… what’s up with ‘Digital Transformation’ these days? Santander’s announcement was all about digital transformation… and they are a forward-thinking bank. The new global technology agreement is designed to increase efficiencies in the bank’s operations, enable it to be more innovative and deliver new products, faster. But not every bank can pony up $700M and not every bank has suitable technology in place. It got me thinking, what is actually needed for digital transformation?
Putting Malaysia on the Path to Payments Innovation
The public launch of the DuitNow instant credit transfer service, in December 2018, provides just a taste of what lies ahead as Malaysia’s Real-time Retail Payments Platform (RPP) is progressively rolled out. Fueled by Bank Negara’s (BNM) increasing support for e-payment platform development, there has been a steady increase in mobile wallet and digital payment usage, setting the stage for 2019 to be a year of transformation for the payments industry in Malaysia.
The Potential of 'Request to Pay' to Revolutionize Payments
How often have you been in a situation where you realize in the middle of the month that you’re late paying an important bill? And then hit with a wave of dread as you check your bank account with trepidation to see if you can pay? Many of us are lucky to not be in that situation regularly, but most of us have been there at some point, and likely know others who are regularly confronted by this situation.
What Can the Re-Regulation of Other Industries Tell Us About Open Banking One Year On?
UK Open Banking just reached its first birthday milestone (on January 13 to be precise) and given my own commentary – including in the ACI blog – on this topic, the first anniversary of Open Banking in the UK certainly won’t pass without a debrief on the progress that’s been made and what challenges lie ahead.