How Payment Developers with PSD2 Open Banking Knowledge Become More and More Useful in Europe
In this highly digital age where the internet has become an avenue for all sorts of communication, almost everything can be done, at least partially, through the internet. For instance, whereas shopping and buying goods necessitated physically going to the market or to the mall and paying for your items in cash, it is now possible and is, in fact, commonplace for such purchases to be done online. People can shop for virtually anything on the internet through the various e-commerce websites, add any number of items to their virtual cart, and then pay for them using any of the available online payment methods like credit card, PayPal, or mobile wallets, among many others. This route has become very popular because it eliminates the need to go to stores and wait in queues, and instead allows customers to buy whatever they need or want from the comfort of their own homes or wherever they may be.
Due to the popularity of online transactions, some rules and regulations had to be crafted to govern these payments to make sure that the online market remains safe and fair for everyone involved: the buyers, the sellers, and the payment platforms and service providers. These protocols have to be followed by everyone involved in the online market industry. For example, a PayPal web developer or bank API programmer must be fully aware of all such rules that govern the jurisdiction under which their application or software falls.
One such set of payment services regulations that applies in the European region is the Payment Services Directive (PSD), the latest version of which is the PSD2, also known as the Revised Payment Services Directive. In this article, we take a closer look at this directive and see how knowledge of its details will help developers be in control of development concerning online transactions.
Payment Services Directive
The first version of the directive, known as the Payment Services Directive (PSD), went into force in December 2007. It was a directive of the European Union (EU), to be enforced by all members of the European Union and the European Economic Area (EEA). This directive had two primary goals. For the payment industry, it aimed to increase participation and foster healthier competition among payment service providers by defining rights and obligations for both consumers and service providers, thereby encouraging participation from non-banks. For consumers, it aimed to improve customer experience by ensuring customer rights, guaranteeing faster payments, and requiring more transparency in the information provided on payments.
There are two main parts to the PSD. The first part, which is collectively called the market rules, describes the types of organizations or companies that are allowed to provide payment services. This includes banks and government institutions, as well as so-called Payment Institutions. This part also describes the application process that organizations must go through in order to be considered as a Payment Institution. The second part, which is collectively called the business conduct rules, lays down the rules that must be followed by payment service providers, including the required transparency of payment information, as well as the maximum transaction time for payments. Furthermore, it lays down the rights of both the payment service providers and their users.
Revised Payment Services Directive
The updated version of PSD, known as the Revised Payment Services Directive (PSD2), was adopted by the European Parliament in October 2015 and was passed by the European Union in November 2015. It went into force in January 2018.
There are several updates to the original EU payment accounts directive that were introduced by PSD2. Here are some of the most important changes:
- Introduction of new players – PSD2 introduces two new players to the online market industry, collectively known as Third Party Providers (TPPs). First are Account Information Service Providers (AISP), which have access to the customers’ bank account information and may aggregate data from different banks (more generally called account servicing payment service providers) into one central repository for a unified analysis. Second are Payment Initiation Service Providers (PISP), which are able to initiate PSD2 payments on behalf of the customer making the transaction and enable them to make online credit transfers without the need for a physical instrument, such as a card. These are in addition to the already supported Payment Instrument Issuer Service Providers (PIISP), which provide instruments like credit cards or debit cards that allow payment initiation upon consent of the user.
- Enhancement of customer rights – PSD2 also focused on ensuring better protection of the rights of consumers. For instance, it introduced unconditional refunds or so-called “no questions asked” refunds, and it prohibits surcharges for purchases from both physical stores and online shops.
- Tighter security – PSD2 introduces enhanced security measures for transactions, most of which are contained in the Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA) and Common Secure Communications. For instance, it requires strong customer authentication based on at least two out of three information requirements: what you know (such as username and password input), what you have (such as mobile phone authentication), and what you are (such as fingerprint scanning). This is commonly known as two-factor authentication. Moreover, it requires payment service providers to adopt a framework for risk mitigation and incident management. In particular, these providers must immediately report security incidents to authorities, without unnecessary delay.
These are just some of the improvements introduced by PSD2 over the original PSD that application developers of e-commerce systems in the European region must be fully aware of.
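The two-out-of-three rule from the security item above, as an added example (not code from this article or from any PSD2 specification): it checks that the successfully verified elements of a login span at least two distinct categories, so a password plus a PIN does not qualify. The method names, their category mapping and the sample events are assumptions constructed for illustration.

```python
from enum import Enum


class Category(Enum):
    KNOWLEDGE = "what you know"
    POSSESSION = "what you have"
    INHERENCE = "what you are"


# Assumed mapping of authentication methods to categories (illustrative only).
METHOD_CATEGORY = {
    "password": Category.KNOWLEDGE,
    "pin": Category.KNOWLEDGE,
    "phone_otp": Category.POSSESSION,
    "fingerprint": Category.INHERENCE,
}


def verified_categories(elements):
    """Return the set of categories covered by successfully verified elements.

    `elements` is an iterable of (method, verified) pairs. Unknown methods
    raise, so an unmapped method can never silently count as a factor.
    """
    categories = set()
    for method, verified in elements:
        if method not in METHOD_CATEGORY:
            raise ValueError(f"unknown authentication method: {method}")
        if verified:
            categories.add(METHOD_CATEGORY[method])
    return categories


def satisfies_sca(elements):
    """True only if verified elements come from at least two categories."""
    return len(verified_categories(elements)) >= 2


def audit(events):
    """Return the ids of events that did not meet the two-category rule."""
    return [e["id"] for e in events if not satisfies_sca(e["elements"])]


# Constructed sample authentication events.
SAMPLE_EVENTS = [
    {"id": "evt-1", "elements": [("password", True), ("phone_otp", True)]},
    {"id": "evt-2", "elements": [("password", True), ("pin", True)]},  # same category twice
    {"id": "evt-3", "elements": [("password", True), ("fingerprint", False)]},  # second factor failed
    {"id": "evt-4", "elements": [("phone_otp", True), ("fingerprint", True)]},
]

if __name__ == "__main__":
    print(audit(SAMPLE_EVENTS))
```
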
As of January 2018, all members of the European Union, which comprises 28 countries including Germany, France, Italy, Spain, and Poland, should have adopted the PSD2 into all their digital payment and transaction protocols. This poses challenges to banks across Europe, as they have to provide TPPs (AISPs, PISPs and PIISPs) with Application Programming Interfaces (APIs) to access customer account information, leading to what is referred to as PSD2 open banking. At the same time, it increases the number of players in the market and allows for a healthier and more competitive playing field. This is expected to give rise to more financial technology (FinTech) companies.
FinTech companies have started seeing increased adoption by customers since the announcement of PSD2. For instance, mobile bank company N26 has tripled its user base within a year, from around 100,000 in 2016 to around 300,000 in 2017. In fact, as of 2016, global investments in FinTech companies have increased ten-fold to USD 19 billion, and this is expected to further increase to USD 150 billion by 2021 due to the adoption of PSD2.
For application projects that involve digital payments and transactions, especially those that will be used within the European region, it is critical to get PSD2 developers, or developers that are well-informed of the PSD2 rules and guidelines. Whether it be a web app developer, mobile app developer, web service developer, payment integration developer, or legacy software developer, they should have in-depth knowledge of the details of PSD2. This will ensure that the application they will be building will follow all the regulations prescribed by the EU payment directive.
For instance, they will ensure that two-factor authentication is followed for all access points. They will also be the ones responsible for handling APIs from banks in order to access information from payment service users.
Recommended Skills and Experience for PSD2 Devs
If you’re planning to hire developers with a good grasp of PSD2, here are some of the skills and experience you should look for.
PSD2 allows third party providers to access the bank and credit information of their users by accessing the banks’ application programming interfaces or APIs. Payment service user data are accessed through web service calls from within applications, so it is important for a developer of an application that uses PSD2 to have full knowledge of how to call APIs and how to handle and process the responses received from them.
Knowledge of Security Standards
PSD2 pushes for enhanced security measures with facilities such as two-factor authentication, but this should be supplemented with other standard security measures. As such, it is important for a developer of any PSD2-utilizing application project to be well aware of industry-standard security best practices, such as data encryption, prevention of SQL injection, and mitigation of denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. Moreover, they should also be aware of existing data protection regulations, such as the EU General Data Protection Regulation (GDPR). With these measures in place, security enhancements from PSD2 will see their maximum benefit.
Experience with Financial Applications
PSD2 governs digital transactions, so a PSD2 developer must have in-depth knowledge of how digital transactions work in the first place. A good PSD2 developer must therefore have extensive experience with applications that involve such transactions, such as financial, PSD2 banking, and e-commerce applications. Experience with such projects gives a developer a mature outlook and understanding of the processes involved in the areas governed by PSD2.
Hire PSD2 Payment Developer Now
With the fast-paced advancements in technology, digital payments are quickly soaring in popularity. PSD2 is the European Union’s way of ensuring that the digital payments industry remains a fair and safe place for sellers, buyers, and payment service providers alike. In this article, we have taken a look at PSD2 and seen how knowledge of this EU payments regulation becomes a huge asset for a developer, especially for projects that concern online or mobile payments.
If you’re on the lookout for a competent payment gateway developer with full knowledge of PSD2 details, look no further! Here at Mobilunity, we have the most talented dedicated developers in different programming languages with an extensive grasp of the PSD2 rules and guidelines, as well as other technologies like PSD2 blockchain, to help you with your application project. While our developers are among the best in Europe, our rates are likewise among the lowest that you’ll see in the whole continent. When you hire dedicated developers from us, you’re sure to strike the perfect balance between quality and affordability.