Media Center

Thanks to Galitt support, European payment transaction players are ready for the second phase of the PSD2

Boulogne-Billancourt (France), September 16th, 2019

The second phase of the Second Payment Services Directive (PSD2), which aims at reinforcing competition in the banking industry and bringing increased security for payment transaction is enforced since September 14th, 2019. Thanks to Galitt experts, merchants, acquirers, issuers and, more generally, all players in the financial transactions industry are better prepared to comply with national and European deadlines.

While the Second Payment Services Directive is already enforced since early 2018, its specific rules about Open Banking and Strong Customer Authentication (SCA) apply since September 14th 2019. The PSD2 stipulates that strong authentication or, in other terms, using two separate factors to authenticate a customer in real-time, is now mandatory not only for physical and online payment transactions, but also for any access to a bank account.

As not all players in the payment environment are ready for these evolutions, the European Bank Authority (EBA) has recently allowed national regulation bodies to grant exemptions. For instance, the British and Irish regulators plan an 18-month exemption and one expects that other regulators will also extend their deadlines. As a result, in October, the EBA will harmonize these new deadlines between European countries, a necessity for e-commerce due to its cross-border character.

Galitt is bringing its support to its customers thanks to a full service offer including coordination and project management, consultancy on impact or opportunity studies, personalized recommendations and training on specific requirements of the PSD2 (including its Regulatory and Technical Standards – RTS). For instance, Galitt is supporting a large merchant in tourism and transport for the implementation of strong customer authentication. They have to adapt complex customer journeys including split payments while avoiding having to run repeated strong authentications at every step. Galitt also brings its guidance to a large European financial institution in its support to online merchants for the implementation of 3-D Secure version 2 authentication process.

The PSD2 also paves the way for Open Banking, the access of banks’ customer financial information to their competitors, including Fintechs, thanks to payment APIs. The three services defined in the Directive: payment initiation (transfer), account consultation (aggregation) and confirmation of funds availability target all customer segments. Consumers, professionals and corporations will have access through these third party access establishments, to all the same functions as with their remote banking services. Nevertheless, many financial institutions are struggling to open all their services to all customers in time for the September 2019 deadline.

In this context, Galitt is building upon its longstanding experience in transaction security, its mastering of the most recent regulatory requirements, its knowledge in digital security and its expertise in fraud-fighting to propose a large set of services to its customers. At a time when all players in the payment chain are facing a permanent regulatory evolution, Galitt supports them to set priorities in tasks to be completed and to guide final customers. For instance, payment initiation, which had originally been defined in France as a one-time Euro bank transfer has now been broadened to include a full online transaction offer as is available in online banking services: single or repetitive transfer, programmed operation, use of various currencies, instant transfer, etc. Ensuring that deadlines are respected with an evolving set of requirements is one of the fields of expertise of Galitt.
Also, Galitt is supporting financial institutions which ask to be exempted from the API backup mechanisms which, according to the PSD2, consists in a allowing web-scraping (user emulation to access a website) while authenticating authorized payment third parties.

Rémi Gitzinger, Galitt Executive Director – Payment Consulting, declares: “For pragmatic reasons, regulatory bodies have a bit relaxed the deadlines, both to finish works on APIs with payment third parties and to smoothen the impact of strong customer authentication on the whole payment ecosystem. The September 14th deadline is not to be seen as an end milestone but as the beginning of a new phase: supporting the migration of e-merchants and the equipment of end-users with strong authentication solutions. Galitt, thanks to its expertise on both technical and regulatory aspects helps financial services players in the whole European Union to adapt their operational models for new regulations. For that matter, it is reinforcing its representation in Europe, where local partnerships are considered.”

On September 26th, Galitt is organizing with DS Avocats, a round table with representatives of businesses impacted by the evolution to SCA and the APIs, around its White Paper “PSD2 & Open APIs,” recently updated after its original publication a year ago. The White Paper can be downloaded here.

Download the press release