Why Europe's Payments Regulation Could Rock the U.S. Payments Industry

Why Europe's Payments Regulation Could Rock the U.S. Payments Industry

Why Europe's Payments Regulation Could Rock the U.S. Payments Industry

Steve Mott

Steve Mott

Steve Mott is a 25-year veteran of the electronic payments industry, specializing in transaction economics, innovative uses of debit networks, authentication and security technologies, and emerging alternative payments types and venues.

More Info

In ordinary times, terms like PSD2 and GDPR would seem obscure — even to payments professionals used to swimming in acronyms. But at the dawn of digital payments, and in the wake of the Equifax and Facebook scandals, those strings of letters seem to roll effortlessly off of many industry lips. For these initiatives that are taking place now in Europe will almost certainly rock the payments industry in the U.S. as we know it.

But first, a quick catch up

PSD2 — which stands for Payment System Directive, Version 2 — is a follow-up effort by the European Community (EC) to remake its payments marketplace into a more competitive, efficient and innovative transactional environment. Launched in 2007, the initial Payment System Directive concluded that its country-by-country payment system was suboptimal, and even dysfunctional. It also created the Single Euro Payments Area (SEPA), which comprises the 28 participating countries of the European Union transacting in euros. 

PSD2, which rolls out in force this year, provides consumers with much greater control over their financial information and opens up access to bank account information for third-party providers (TPPs), including fintech companies. It redefines the rights and obligations of payments system users, as well as making explicit — and accountable — the roles and responsibilities of payment services providers (PSPs) in the region. These rules will affect 1 billion consumers and up to 40 percent of banking income in Europe.

PSD2 is also designed to foster innovation, expand privacy and promote more secure online payments. It aims to support fintech and digital innovators by requiring banks to provide application programming interface (API) access to consumer account data in order to support new applications. While U.S. companies are still not completely certain about how these requirements apply, and can be fulfilled, U.S. banks are scrambling to figure out how they should comply — not just in Europe, but eventually in the United States as well.

Key changes under GDPR

In all of these changes, PSD2 and SEPA represent a vision that might seem a bit apoplectic in the United States, where a vital part of the economy is being defined — and regulated closely — by a central government, and not the "free market."

For example, one of their conclusions along the way was that payment card interchange, which is long a source of legal challenges in the United States, was viewed as excessive and in some ways irrational — and certainly not cost-based. So in late 2015, the EC reduced interchange to 20 basis points for debit and 30 basis points for credit payment as part of the Interchange Fee Regulation (IFR) directive. A year later, PSD2 rolled out further. Among the most intriguing changes was a dimension that makes it easier to process payments under low-cost automated clearing house (ACH) in those countries, placing limitations on the roles (and how much influence) the card brands could play in the future of payments there as participants. No doubt, these are strong implications for the card brands in the United States to reckon with.

It's not finished yet

But the EU isn't stopping there. A companion initiative cuts a broader swath on privacy and security reforms: the General Data Protection Regulation (GDPR), which becomes effective later this month on May 25.

Europeans are sticklers about privacy and data protection, so GDPR lays out a host of requirements that in all likelihood will prevent consumer violations as experienced with Equifax and Facebook. Moreover, if any company has data on European customers, they are obligated to protect it, as well as purge it completely if the customer requests.

The changes mandated by GDPR standardize the expanded protections for consumers and their personal information — even for organizations domiciled outside of Europe that still house such personal information on Europeans as part of their activities. So any U.S. business operating with European customers appears to need to comply with the new regulations (although there are still some debates about what qualifies as compliance).

Organizations that do not comply with GDPR stand to pay fines of $23.5 million or 4 percent of their revenue — whichever is greater — and a sobering reality for the likes of Equifax, Facebook and Google.

As a result, GDPR also poses the specter of disruptive change for the financial services industry in the United States. To be sure, Europe offers fundamental differences in how privacy is conceived, regulated and enforced.

But in the wake of one blockbuster data breach or incursion after another, U.S. firms would seem well-advised to brace themselves for seismic changes in how private information is used and protected — in addition to reforms in the payments marketplace.

The statements and opinions of the writer do not necessarily reflect those of TSYS.

Other Articles by Steve

Steve Mott

Steve Mott is a 25-year veteran of the electronic payments industry, specializing in transaction economics, innovative uses of debit networks, authentication and security technologies, and emerging alternative payments types and venues such as stored value, online and mobile commerce and transacting over social networks.

As principal of BetterBuyDesign, a payments consultancy, Steve conducts strategy, product, technology and market assessments for banks, processors, networks, technology providers and merchants, and advises a number of investment firms on industry trends and developments. You can reach him at stevemottusa@gmail.com.

Share this story via email or social networks

  1. You Know You've Been Part of the Payments Industry Too Long When…

    Tue Oct 30, 2018 09:00 AM

    You Know You've Been Part of the Payments Industry Too Long When...

    Categories: Articles and Blogs
  2. Winning at the point of sale in the convenience sector

    Mon Mar 18, 2019 12:02 AM

    Winning at the point of sale in the convenience sector

    It’s quite possible that there has never been a more pivotal time in the convenience-store industry. With the obvious exception of e-commerce, the convenience-store and club sectors are the only two other retail channels expected to grow over the next three years – and not nearly as briskly as e-commerce.more...

    Categories: Articles and Blogs
  3. Will Globally Popular Regulatory Sandboxes Ever Crack the U.S. Payments Market?

    Tue Jan 29, 2019 08:59 AM

    Will Globally Popular Regulatory Sandboxes Ever Crack the U.S. Payments Market?

    Categories: Articles and Blogs
  4. Why Your Business Needs to Accept Chip Cards

    Wed Mar 6, 2019 12:06 AM

    Why Your Business Needs to Accept Chip Cards

    It feels like forever ago that the EMV® Liability Switch took place on October 1, 2017. But even now, many businesses have not switched over to taking exclusively EMV (colloquially known as chip cards). more...

    Categories: Articles and Blogs
  5. Why the Payments Industry Needs to Hire More Veterans

    Tue Jul 2, 2019 09:00 AM

    Why the Payments Industry Needs to Hire More Veterans

    Tags: purdy
    Categories: Articles and Blogs
  6. Why It Pays to Be a Payment Facilitator

    Mon Jun 3, 2019 01:02 AM

    Why It Pays to Be a Payment Facilitator

    Payment facilitators. You already know of them and what they do, even if you’re not familiar with the term. In fact, PayPal®—which might be described as the original payment facilitator—is sometimes referred to as a kind of “Super Facilitator,” with Square® being a more recent player.   more...

    Categories: Articles and Blogs
  7. Why Isn't Mobile Pay Usage Spreading Faster?

    Fri Apr 13, 2018 05:52 PM

    Why Isn't Mobile Pay Usage Spreading Faster?

    Categories: Articles and Blogs
  8. Why is Fintech So Focused on New Payment Rails?

    Fri Apr 13, 2018 05:36 PM

    Why is Fintech So Focused on New Payment Rails?

    Categories: Articles and Blogs