The question in this headline may seem like an odd one to ask. Second Payment Services Directive (PSD2) is clearly E.U. legislation and will never be directly adopted by countries outside this region. But just like the recent General Data Protection Regulation, I think PSD2 will have a worldwide impact, inspiring open banking and fintech legislation globally.
But before we dive into this, let’s recap what we’ve been focusing on in this series of blog posts. Second Payment Services Directive (PSD2) has brought a new era in financial services that has reshaped the need for customer authentication and secure connectivity, and made it a higher priority than ever. Financial companies are now held to a whole new level for managing the security and privacy of their customers’ data. The next steps that they take in complying with PSD2 in the remainder of this year and into next will have ramifications for their business operations for many years to come. On this note, our first post on this topic looked at the delay in implementing PSD2 and what it means, and our second post examined the crucial role of text messaging in PSD2.
In this third post, going back to the question posed in the headline, let’s look at the 2018 General Data Protection Regulation (GDPR) to understand why PSD2 may have an impact on the digital payment experience that extends beyond Europe. While European in scope, PSD2 has had a worldwide influence on multiple levels. It not only affects any multinational businesses with European customers, but it’s also sparked a range of similar legislation.
As examples, there are the California Consumer Privacy Act (CCPA) in the U.S., the General Data Privacy Law (LGPD) in Brazil, and the planned Personal Data Protection Law in India. While these are different from GDPR in detail, they do have a similar impact on the way that businesses treat privacy and their customer interactions.
We also see another similar pattern with PSD2. The list of countries rolling out open banking legislation is growing daily and includes a range of major markets, including Australia, Brazil, Canada, Hong Kong, Israel, Japan, Mexico, New Zealand, and Singapore. Some countries are further ahead than others, such as Australia, Brazil and Mexico, which have all enacted legislation, while others are still in the consultation phase.
Accordingly, of particular interest will be how these countries address customer authentication. This is important because PSD2 shows that the authentication requirements can have a huge effect on the online payment user experience for all retail and banking customers, even when they don’t use fintech services.
In this area, the PSD2 guidelines for strong customer authentication are wide-ranging. They have defined what counts as multi-factor authentication, specified whether text messaging can be a secure form of authentication, and provided clarifications on biometric, behavioral, and app-based authentication.
However, this is good and bad. While there is concern on the potential impact for online sales, with Stripe warning of a potential €57 billion loss, the guidelines have provided some welcome clarity over what is and isn’t permissible. It will be interesting to see whether other countries follow suit.
I look forward to continuing to examine this in future blog posts as PSD2 enters one of its most complex and important phases. In any event, at Syniverse, we continue to ensure that our customers can reach and authenticate their users as they navigate the changes and major steps in implementing PSD2. Not only have we specialized in the crucial mobile channels integral to PSD2 and the one channel through which all consumers can reliably be reached – text messaging – but our private, members-only network keeps banks isolated from the public internet, which is vital for safeguarding millions of customers and transactions and for complying with PSD2’s security requirements.
We’ll have a lot more to say on PSD2 in 2020 as many banks move into high gear to comply with it, and we hope you’ll stay tuned for those updates right here on the Syniverse Blog.
Mike Bradford joined Syniverse in 2010 and has developed a number new products for Syniverse’s mobile authentication, digital identity, fraud prevention, and mobile payment solutions. He has more than 30 years of experience in mobile, which has included contributions to ETSI standards, GSMA award shortlists and industry guidelines for in-app payments. Before joining Syniverse, in 2010, Mike worked across a range of organizations and industries, including T-Mobile, Neustar, BAE Defence, and NATS, and technologies including stealth, air traffic control, mobile video, and instant messaging. He holds a bachelor’s degree in electronic engineering and a master’s degree in radio frequency communications, and he is a member of the Institute of Engineering and Technology.