PSD3 Security and Compliance: Everything E-Retailers Need to Know

La Payment Services Directive 3 (PSD3) is the next major European regulatory evolution in payments. After the DSP2, which imposed strong authentication (SCA) and paved the way for open banking, the PSD3 aims to strengthen Payment Security, improve competition and clarify liability rules in case of fraud.

For the e-retailers, payment managers, CIO and CFO, this directive is not only a new constraint: it is also an opportunity to optimize payment processes and strengthen customer trust.

In this article, we take stock of the DSP3, its news, its impacts for online commerce and the best practices to prepare.

What is DSP3?

La PSD3 (Payment Services Directive 3) is the third European directive governing payment services. It complements and updates the DSP2, in force since 2018.

Its main objectives are:

Strengthening the security of online payments Thanks to a strict supervision of service providers.
Improving consumer protection, especially in the event of fraud or litigation.
Further supervision of open banking, in order to ensure fair competition between banks, fintechs and new players.
Standardizing the rules within the European Union, to limit differences in application between countries.

In summary, PSD3 is a regulatory evolution that aims to adapt the legal framework to a market where payments are diversifying and where the cybercrime is becoming more complex.

DSP3 vs DSP2: What are the differences?

PSD2 marked a turning point by imposing strong authentication (SCA), which has become mandatory on most online payments. It had also introduced payment aggregation and initiation services via API, opening the market to new players.

With PSD3, we move on to the next step:

More Safety and Control : payment service providers (PSPs, fintechs, banks) will have to undergo reinforced controls, in particular on governance and cybersecurity.
More Clarity on Responsibilities : in case of fraud, responsibility will be better defined between the merchant, the bank and the service provider. For example, the European Commission is considering imposing a Automatic Refund consumers who are victims of fraud, unless there is evidence of gross negligence.
Strengthened framework for open banking : APIs will have to meet more homogeneous standards, to ensure fair competition between banks and fintechs.
Focus on the fight against fraud : increased reporting obligations, better cooperation between actors, and strengthened role of national supervisors.
Supervision of card payment fees : PSD3 could cap certain fees charged to merchants to avoid disparities and abusive practices, especially on interbank cards.

The impacts of PSD3 for e-retailers

1. Increased security = more friction possible

New authentication and control obligations can complicate the customer journey. The risk: a drop in the conversion rate if the payment steps become too cumbersome.

2. More Demanding Fight Against Fraud

PSD3 compliance means increased transaction monitoring. Retailers will need to prove that they are working effectively with their PSPs and that they are applying best practices.
👉 According to Deloitte Avocats, this could involve a Obligation to put in place documented and verifiable anti-fraud plans, with regular checks.

3. New opportunities through open banking

The DSP3 consolidates the open banking framework. This opens up opportunities for:

The initiation of instant transfers,
alternative payment solutions to bank cards,
The smoother integration of wallets and aggregators.

4. Better Defined Responsibilities

In the event of litigation or fraud, the rules will be clearer in determining who reimburses the user. This can reduce legal risks but also require increased vigilance on the merchant side.

How do I prepare for PSD3?

PSD3 will not be immediately applicable: like any European directive, it will have to be transposed into national law. But waiting would be a strategic mistake.

Step 1: Audit your payment processes

Identify the friction points related to strong authentication.
Measure the potential impact on your conversion rates.

Step 2: Strengthen your anti-fraud systems

Check the effectiveness of your rules of 3DSecure and Exemptions.
Add anti-fraud plans
Evaluate your scoring and monitoring solutions.

Step 3: Diversify your payment methods

Explore the Instant Bank Transfer and open banking solutions.
Integrate Wallets to meet customer expectations.

Step 4: Rely on an expert partner

Getting Ready for the PSD3 compliance requires a global approach combining technical, regulatory and business.

The most frequently asked questions

When will PSD3 come into effect?
The directive still has to be validated and then transposed by each EU country. It is expected to come into force by 2026.

Does PSD3 replace PSD2?
Yes, PSD3 will complement and replace PSD2, while taking back its achievements (strong authentication, open banking).

What are the main changes in PSD3?

Strengthening the fight against fraud (mandatory anti-fraud plans, increased reporting),
Clarification of responsibilities in the event of fraud with almost automatic reimbursement of victims,
Management of card payment fees,
Strengthened supervision of open banking and PSPs.

How can an e-merchant prepare for PSD3?
By auditing its payment processes, by strengthening its anti-fraud tools (in particular with a documented plan), by diversifying its payment methods and by relying on a partner like Purse.

Conclusion

La DSP3 is not only a new regulatory constraint. For e-retailers and payment managers, it represents a chance to strengthen security, open up new payment options and build customer trust.

Anticipating the PSD3 compliance, you can turn this directive into a competitive advantage. And with Purse, you have a partner that can simplify regulatory complexity to optimize your payments.

👉 Do you want to anticipate DSP3 and optimize your payments?