The Revised Payment Services Directive, also known as the PSD2, is a set of regulatory guidelines laid down by the European Union (EU) for finance, banking, and payment service companies. These regulations aim to improve the protection of consumer information, provide a common platform for competing organizations, and prevent payment fraud. PSD2 regulations apply not only to banks but also to companies that create apps for services like making payments, managing bank feeds and tracking expenses.
Competition between companies to either work with or create these apps has sparked many new businesses to enter the market. With all of these players, EU legislators came up with the PSD2 regulations to build a bridge between the service provider and the customer, enabling a hassle-free pathway for accessing financial information in a secure way.
Key aspects of PSD2
With the introduction of PSD2, two primary aspects have come into play: Strong Customer Authentication (SCA) and Third-Party Providers (TPPs).
SCA is a regulation to decrease the possibility of fraud while making an online payment. With the implementation of SCA, customers will have to go through multi-factor authentication (MFA), providing two of the following:
Something they “know,” like a password or pin
Something they “have,” like a phone or smart card
Something they “are,” referring to biometrics like fingerprint or facial recognition
TPPs are broadly categorized into Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). AISPs collate the account information of an individual from their various banking institutions and gives them an overview in one place. On the other hand, PISPs are third-party companies that provide payment services. Under PSD2, PISPs can initiate a payment on behalf of their customers by abiding with SCA.
Zoho Books and PSD2 compliance: What to expect
Zoho Books is making the necessary adaptations to be PSD2 compliant. That means, Zoho Books will disconnect the automatic import of some bank feeds from banks that are under the purview of PSD2 from September 14, 2019. We are closely working with an alternate TPP and the banks to support the automatic import of bank feeds in Zoho Books. We will notify you as soon as we support automatic feeds for your bank. Until then, you will have to import the bank feeds manually to view them in Zoho Books. You can view the status of your bank and what you’ll have to do about it, here.
As Zoho Books works with multiple payment platforms, we’ve been striving to ensure that the integrations with them are PSD2 compliant. Some have already complied while others are expected to comply by September 14, 2019. The status and the additional steps you must follow to adhere to PSD2 for each payment gateway is detailed in the Integrations page in Zoho Books. To check, go to Settings > Integrations > Customer Payments.
The UK’s Financial Conduct Authority (FCA) has provided a 6-month extension for TPPs and an 18-month extension for banks to be PSD2 compliant. However, in the EU, be aware that the deadline to adhere to PSD2/SCA varies from country to country.
All payment integrations in the Zoho Finance products such as Zoho Books, Zoho Invoice, Zoho Subscriptions, Zoho Inventory, and Zoho Expense will be PSD2 compliant on September 14, 2019, regardless of the extensions provided by the regulatory authorities.
PSD2: Revised Payment Service Directive
AISP: Account Information Service Provider
PISP: Payment Initiation Service Provider
XS2A: Access to Accounts
IAM: Identity and Access Management
ASPSP: Account Servicing Payment Service Providers
SCA: Strong Customer Authentication
FCA: Financial Conduct Authority
- TPP: Third-Party Service Provider
In order to be fully PSD2 compliant, the automatic bank feeds were put on hold. Zoho Books is working its way on getting approval from the regulators. Though we expect the approvals to be available by 31 October, we are afraid that it might be delayed by a couple of weeks. We request you to import bank statements manually till further notice.