|Source: LoudMouth Media|
Not satisfied with forcing 'gateway' service providers to supply their services directly to regulated institutions rather than merchants, if they wish to remain exempt, it seems the EU Council also considers that e-commerce checkout pages on merchant sites are "payment instruments" in their own right (not just the payment methods displayed on them).
A new information requirement seems to mean that where customers are shown a range of different card-scheme brands as payment options prior to checkout (itself referred to as “the issuance of a payment instrument”), they should be informed that they have the right to select a particular brand and to change their selection at point of sale.
On the surface, this requirement adds nothing. It's how checkout processes already work. If you want to pay by card, you click on the card scheme logos, and up comes a page that asks you to enter a card number from any of the brands displayed. But describing a checkout process as a “payment instrument” (rather than merely the payment methods available on it), suggests that the entity which serves up the web page that enables checkout is itself the issuer of a payment instrument and should be authorised accordingly.
It's likely that many e-commerce merchants will host their own checkout page or process, and the transaction only moves to the acquirer’s servers either once the customer has selected which type of payment instrument she wishes to use, or (if the merchant is PCI compliant) once the transaction is captured and sent to the acquirer.
So this provision would actually require such a merchant to either cease hosting any aspect of the checkout process or become authorised as a payment instrument issuer (or the agent of an authorised firm). It also raises the question whether such a merchant is also 'initiating payment transactions', with the same consequences.
This is revolutionary stuff. If passed in this form, PSD2 could drive the need for significant website re-development work. Of course, it could also mean good business for e-commerce marketplaces, or regulatory specialists who help firms apply for authorisation (pick me!). But it's really just overkill.
In their quest for 'the highest standards of consumer protection', the European authorities seem oblivious to the adverse impact on competition and innovation in the payments sector that will come from delivering control over key aspects of e-commerce infrastructure to the comparatively few firms who will bother becoming authorised. Ironically, it was this sort of concentration that drove the need for the current PSD - to open up the banking/card scheme monopoly. Perhaps the banks and their schemes are winning the battle to retain their dominance after all...