
PSD2 is the new GDPR

Technology for Lawyers

Published: February 22, 2019

Well, here come some new EU data regs.

As of September 2019, EU financial transaction businesses (payment and FinTech spaces, including banks) will be subject to a whole raft of new security regulations called the Second Payment Services Directive, or PSD2 (or PTSD; at this point it’s the same thing).

The new regs create more secure systems for financial transfers—which are data, right? You may think of them as money, but they’re data. And these data transfers need to be secured. More than half of all financial transfer companies reported hacks last year. So the rules need to reflect that, and these do.

PSD2 doesn’t affect as many companies as the GDPR, but it could have an even greater effect on the way business is done.

Beyond security, the new regs promise easier payment transfers for merchants by opening up bank accounts and third-party transfer companies to direct access.

Like the GDPR, these new regs are mandatory, affect large and small businesses, reach any company that does business in the EU (including many US companies, of course), and have companies scrambling—even though the regs were originally published in 2015. The regs only affect intra-EU transactions.

PSD2 consists of 117 articles and 11 mandates. Those mandates include, among other requirements, strong customer authentication (SCA), mandating two-factor authentication and strongly suggesting three-factor; regulation of third-party providers; and the creation of several new organizations.

One big change is the creation of Access to Accounts, which will allow merchants to directly access a customer’s bank account with the customer’s permission. Third-party transaction companies will also be more accessible to merchants and customers. Both will work through access to the companies’ Application Programming Interface (API).

PSD2 is designed to promote “open banking”—with easier access to bank accounts and more secure financial transactions. It has been called the “Open Banking Standard.” Open banking is something that US banks are apparently reluctant to try.

Coming to the US? Some day, maybe.

American Banker Magazine recently wrote that the US is “way behind the curve” on open banking. Forbes Magazine recently wrote that open banking needed to be “watched.” And open banking in the US has many advocates.

But for now, open banking is the new EU standard. So if you’re doing business over there, get up to speed.