Access to payment systems under PSD3 needs to be inclusive, fair and unambiguous [Promoted content]

As part of its PSD2 review, the EU is updating its payments legislation to better promote competition and innovation. However, concerns remain about discriminatory practices when it comes to access to payment systems for services such as direct currency conversion.

Gino Ravaioli is Chairman of the International Association for Cardholder Transactions Abroad (IACTA).

A payments system fit for today

In an increasingly digital world, where a cashless society is becoming more and more plausible, access to reliable payment infrastructure is crucial for businesses and consumers. Equally important for consumers is ensuring that new regulation fosters healthy competition, a precursor to innovation and lower consumer prices.

The European Union knows payment systems need to be fit for modern times, prompting a review of its payments legislation PSD2. The new draft Payment Services Regulation (PSR) aims to bring payments and the wider financial sector into the digital age, improving consumer protection, competition and transparency to empower consumers, a move welcomed by many stakeholders. 

Despite this positive momentum, concerns remain among third-party providers who use payment systems to provide services to retailers and merchants, that they will continue to face an uphill battle when it comes to accessing payment systems.  

Challenges for access 

One of the biggest challenges, not explicitly called out in the draft legislation, is that third-party providers of ancillary services need to use the infrastructure of industry giants such as Visa and Mastercard which also happen to be their competitors. As a result, such providers can find themselves drowning in red tape and high costs, hindering healthy market competition and stifling innovation.

Dynamic currency conversion (DCC) is an example of such a service. DCC gives retailers the opportunity to offer their customers the option of paying for goods and services in their home currency rather than the local currency, making it easier for consumers to understand the total cost of purchases in a currency they know and therefore budget their spending in a secure way. Indeed transparency requirements for DCC are set out in the EU’s Cross-border Payments Regulation.

The service is supported by authorised card acquirers and by specialised service providers like the member companies of IACTA. However, DCC providers are also subject to significant fees, rules and regulations imposed by Visa and Mastercard, including prohibitively expensive compliance costs and technical requirements, which place an undue burden on them. 

“Access” as per the draft Payment Service Regulation

The European Commission’s proposed PSR recognises that access to payment systems infrastructure is an issue. Article 31 requires payment systems operators to provide access to their payment systems infrastructure on fair, reasonable, and non-discriminatory terms.

It states that “Payment system operators shall not inhibit access to a payment system more than is necessary to safeguard against specific risks, including where applicable settlement risk, operational risk, credit risk, liquidity risk and business risk or more than is necessary to protect the financial and operational stability of the payment system.” 

Despite this there are valid concerns that the current draft of Article 31 will fail to fully realise the Commission’s objectives, stemming from the inherent ambiguity over the interpretation and application of the rules.

A significant issue is the lack of a clear definition of the term ‘access’ itself.  Both “direct and indirect” access are mentioned in the draft legislation but their meaning is unclear. You could potentially say that while a third-party services provider, such as a provider of DCC, can theoretically access payment systems infrastructure, if undue fees/compliance rules prevent this, it means that ‘access’ does not equal participation.

Related to this is the obscurity over what different risk types mean in practice. The most concerning example is ‘’business risk‘, which, if not clearly defined, could have a very broad interpretation, leading to potential misuse by payment service operators which could hinder competition and therefore limit consumer choice. One might ask, for example, whether being a competitor could be classified as a business risk.

Another issue is that PSR is currently limited in scope to regulated or ‘Permitted Entities’, which excludes many of the other third-party financial service providers which need access to payment systems, including DCC providers. 

Finally, while enforcement is explicitly referenced under Article 31, it is unclear at national and European level how companies who feel unfairly discriminated against can seek redress.

Recommendations

The European Parliament’s ECON committee and the Council are discussing the proposal in the coming days and weeks, and could rectify these issues by taking the following actions:

Firstly the EU could expand access rights to include providers of specific services such as currency conversion in addition to the ‘Permitted entities’. Secondly, a definition of access, both direct and indirect, needs to be included which also distinguishes ‘access’ from ‘participation’. Thirdly, the definition of discrimination should also include exclusionary pricing practices and regulatory control measures which could be imposed by payment systems operators. ‘Business risk’ and other risk types also need to be defined with clear guidelines on the materiality of risk to ensure consistent interpretation by payment system operators, or excluded entirely. 

And finally, a robust mechanism to monitor and enforce compliance needs to be prioritised, with a clear process at both European and national level for companies to seek redress over problems with access to payment systems, not only through member state competent authorities but also with a private right of legal action.

Conclusion

By addressing the existing access barriers for third-party providers, such as those who provide DCC services, and fostering an environment of collaboration and inclusivity, the EU can pave the way for a more equitable and innovative payment landscape. Indeed these were objectives that the Commission itself set for its legislative review.

True success, however, will only be possible if there are clearer definitions of access and who it pertains to, more precise risk categorisations and enforcement procedures in the legislation – otherwise competition may be stifled, which in the long-run will be detrimental to consumers. 

It is crucial therefore, as the proposed regulation makes its way through the EU decision making process, that care is taken to ensure that the Payment Services Regulation does what it was intended to do – create a payment services framework fit for a modern Europe which promotes competition and ensures consumers have access to a diverse range of secure and user-friendly payment options.