What do we have to do with your new cowboy boots?
When it comes to electronic payments, everything changes very quickly. Two important advancements, which you probably don’t even notice when shopping online or paying with your smartphone at the doctor’s or pharmacy, are explained in detail in our Financial Market Infrastructures and Payment Services Report. These changes stem from the second EU Payment Services Directive, better known as PSD2, the guiding principles of which were transposed into national law in 2018 and then successfully implemented in the Belgian payments sector, under the auspices of the National Bank of Belgium.
The two main objectives of PSD2 are to:
- ensure more secure payments, by means of strong customer authentication (SCA);
- stimulate competition and innovation on the financial services market by guaranteeing access to your payment account for new market players; this practice is called “open banking”.
What is SCA?
SCA simply means that you must authenticate yourself when making an electronic payment. In short, when you pay for your boots online, using a credit card for example, the website (whether it's Amazon, Zalando, Bol or another European web shop) is obliged to verify your identity and that the card you are using is in fact yours. In other words, you will be asked to "authenticate" yourself. The goal is of course to prevent fraud.
As you know, you need a card reader to pay online with a debit card (Bancontact), so this may seem obvious to you. But authentication was not previously common practice in the payment card sector, especially for payments with Visa or Mastercard. Payments were usually approved if there were sufficient funds in the account, without any verification of the identity of the person making the payment. After entry into force of the authentication rule and approval by the NBB of a migration plan for the sector, it took another two years or so before SCA was in place for all businesses allowing card payments. It goes without saying that there were many parties involved, from payment processors such as Worldline, acting for merchants, to payment card issuers such as banks.
We’ve finally crossed the finish line! You may already have noticed that when you make an online payment through an app or on a website, you’re asked to identify yourself (using a PIN, Face ID or Touch ID, or a code generated by a card reader). This is due to SCA, which has led to a sharp decline in payment card fraud.
What is open banking?
PSD2 allows consumers to use certain applications, for example to centralise various accounts with different banks (most Belgian institutions now offer this possibility) or to make payments (PayPal or Payconiq). Two types of service providers offer such applications: account information service providers and payment initiation service providers. What exactly do they do?
- An account information service provider (AISP) is an entity that can access your payment accounts and provide you with a statement of your payments. These entities can help you fulfil your bookkeeping obligations and prepare your tax return, but in order to provide payment information in real time, they need to be able to access your accounts. To do so, they need both an authorisation from you AND a licence from the National Bank or the competent authority of another EU Member State.
- A payment initiation service provider (PISP) is an entity that directly makes, on your behalf, transfers from your account to the accounts of beneficiaries, be they merchants or acquaintances. For example, with the Payconiq app, you can transfer money to a friend or pay your dentist. It goes without saying that these entities also need your authorisation as well as a licence from the NBB or another EU competent authority.
To ensure that AISPs and PISPs can provide you with these services, PSD2 obliges banks to adapt their IT infrastructure accordingly. Furthermore, they may not create obstacles for customers, for example by requiring them to identify themselves several times. This rule is intended to strike an optimal balance between, on the one hand, ease of use for customers and, on the other hand, payment security.
It took quite some time for the entire Belgian banking sector to ensure adequate IT support and the absence of obstacles, mainly due to the complexity of banks’ IT systems, the need to clarify the statutory framework and the timeframe in which banks could and were prepared to implement the necessary changes. Throughout this process, the NBB proactively assisted the sector so as to maximise the chances of success of the new services and guarantee payment security at all times. You can read more about this in the reports we have been preparing since 2019 on monetary and financial institutions.
Is this the end of the road? Not by a long shot. We still have many challenges to face in the near future. Take, for example, the growing popularity of instant payments, whereby the funds are immediately available on the beneficiary’s account, the technological advances made in the area of smart objects and the move towards open finance through the further development of open banking. In any case, the payments sector is constantly evolving, and the NBB is committed to closely monitoring it.
Who knows which online payment methods you’ll be able to use to purchase your favourite items from the autumn-winter 2032 collections?