Clock is ticking to prepare for new online payment protections

Over the years, the proliferation of digital technology has changed the way energy and water businesses engage with their customers, particularly when collecting payments. Recognising the need to stay ahead in such a highly competitive market, utility companies are opting for convenience-focussed payment features to attract and retain consumers.

With so many utility companies now processing their customers’ payments online, 14 September needs to be in everyone’s business calendars. This is the final deadline for complying with the Regulatory Technical Standard (RTS) of PSD2, the revised Payment Services Directive issued by the European Commission for innovation, improvement and internet payment safety.

With the countdown clearly on before PSD2 revolutionises the online payment process, here are some necessary steps to ensure a business is ready to process payments smoothly and securely from 15 September onwards:

What does PSD2 aim to achieve?

PSD2’s objectives include: making it easier and safer for consumers (and businesses) to use internet payment services; delivering better consumer protection against fraud, abuse, and payment problems; promoting innovative mobile and internet payment services; and strengthening consumer rights. It also aims to strengthen the role of the European Banking Authority (EBA) to coordinate supervisory authorities and draft technical standards.

The RTS, the final piece of the directive, which comes into force in September, specifies the final security measures which organisations are expected to deploy to be compliant with PSD2.

What does this mean for utility businesses?

It means that companies wishing to process payments online have until 14 September to implement security measures.

Specifically, they have until then to implement strong customer authentication, or SCA, on all remote ecommerce transactions of €30 (£26.80) or more (some transactions under this level will also require SCA under the cumulative rule). And this isn’t just a ‘nice to have’, or something you can catch up on a week or two later. As of 14 September, firms will be technically unable to process payments without SCA. A hard stop is in place, policed by the major payment companies.

What does SCA look like?

SCA delivers enhanced authentication for online payments. It requires customers to verify their identity through at least two of the following: a biometric factor, such as a fingerprint, voice recognition or facial recognition software (something they are); a phone or other piece of hardware (something they have); or a PIN, password or security question (something they know). Each of these methods of additional verification has its own advantages and disadvantages – and each introduces an additional stage for customers to go through when completing a payment, potentially increasing friction.

What about Digital Wallets?

One of the exceptions is if you process payments via a digital wallet solution, because the wallet essentially counts as a single method of identity verification. In turn, this means that you, as the business accepting payments, only need to implement one additional method of identity verification for those payments. Additionally, regular payments such as those for a subscription service or paying a bill on a regular basis may be fast tracked through to an approved customer list.

PSD2 is part of a more general shift to Open Banking, which allows authorised third parties to access customer information that was previously available only to banks.