PSD3/PSR, DORA, and more – what comes with the next wave of payment regulations?

Between the dynamic poles of regulation, cyber security, and digitalisation, future drivers are having a major impact on today’s payment industry. This article, the second in a three-part series, takes a closer look at current and planned regulatory adjustments. The first article presented the current initiatives shaping payment digitalisation in Europe – the digital euro.

The payment industry is continuously evolving, driven primarily by technological advancements and regulatory changes such as PSD3/PSR, FiDA, Instant Payment, and DORA. These developments present significant opportunities but also pose substantial challenges that require thorough preparation. What impact will these new directives and regulations have on the payment industry, and what do they mean for banks and payment service providers?

Dieses Bild hat ein leeres Alt-Attribut. Der Dateiname ist Figure-1_Triangle-1024x591.png

Triangle of digitalization, regulation and cyber security in the payment industry

PSD3/PSR – Strengthening consumer protection and enhancing security in payment

With the currently discussed directives PSD3 (Payment Service Directive 3) and PSR (Payment Service Regulation) the European Commission sets out a specific vision for harmonised and secure payment transactions and fair competition within the European Economic Area.

The upcoming directive PSD3 builds on the previous directive PSD2. The main focus is on Strong Customer Authentication and the transparent organisation of payment transactions. PSR supplements PSD3 and leads to a directly applicable law in all EU member states.

The drafts for PSD3 and PSR were published in 2023. Since then, the regulations are under review. Both directives are expected to take place in the second half of 2025.

Banks have the chance to offer new services by integrating innovative technologies and partnering with different Fintechs. By digitalising and automating processes, banks can reduce their operating costs and increase efficiency. Beyond that, banks have the opportunity to increase customer trust and loyalty through improved security measures and innovative services.

For payment service providers PSD3 and PSR encourage competition and allow them to enter the market more easily. They have the chance to develop new technologies and services while meeting customer needs and gaining the trust of business partners. For e-money institutions PSD3 and PSR means that they are required to obtain a licence under the Payment Services Supervision Act (ZAG) and are therefore under the control of stricter regulations. In addition, the shifting of fraud losses from customers to banks increases the risk and poses a challenge for fraud management.

For end users, the PSD3 and PSR directives enhance security through improved authentication processes. They benefit from increased transparency about fees and other costs, leading to better decision-making when choosing banks and payment providers.

Schedule of PSD3/PSR implementation until 2026

DORA – Ensuring digital resilience and cyber security for Europe’s financial sector

The Digital Operational Resilience Act (DORA) is considered a highly influential EU regulation and aims to strengthen the digital resilience of the financial sector. DORA sets IT security standards, particularly in the areas of risk management for information and communication technology (ICT), the reporting of ICT incidents, and the monitoring of risks by third-party ICT service providers.

The DORA regulation came into force on January 17, 2023, but will not be fully applied until January 17, 2025. In this 24-month transition period, banks and other financial institutions have time to prepare their businesses for the actual DORA enforcement by January 2025.

Banks and payment service providers can improve the resilience of their systems and processes against cyber-attacks and other digital threats. By ensuring compliance with DORA regulations, banks and payment service providers can strengthen the trust of their customers and position themselves as trustworthy and reliable partners in the market. Improved risk management and emergency plans help banks to minimise potential financial damage.

End users can rely on more secure and reliable financial services. Beyond that one can expect less downtime and fewer interruptions, allowing them to access their financial services continuously.

Management of third-party ICT risks with DORA

FiDA decoded – the path to seamless financial data sharing

The Financial Data Access Regulation (FiDA) aims to create a unified ‘Open Finance’ space across Europe. By giving authorised third-party providers access to financial data and offering innovative, customised financial products and services, the aim is to increase transparency, promote competition and give consumers more control over their financial data. The decision to implement FiDA is scheduled for the beginning of 2025.

FiDA offers great opportunities for banks and payment service providers to strengthen their customer relationships by developing personalised products and services. Increased transparency will improve fraud management and claims processing. In addition, FiDA aims to promote cooperation between traditional financial institutions and new fintech companies to improve the service offering and reach new customer segments through strategic partnerships.

End customers benefit from greater transparency, easier financial management, and personalised financial products such as embedded finance solutions.

The implementation of FiDA presents a challenging task, particularly for banks and payment service providers. The preparation includes developing scalable and resilient interfaces for data transmission and creating a consent management dashboard. The potential entry of big tech into financial services adds competition to the market.

Instant Payments Regulation – accelerating the shift to real-time transactions

The Instant Payment Regulation (IPR) aims for real-time payments within the Single Euro Payments Area (SEPA). Adopted on March 13, 2024, the IPR requires that payment service providers facilitate instant payments by 2025, ensuring transactions are processed within seconds, 24/7, throughout the whole year. The regulation aligns with the European Commission’s objective to enhance the efficiency, speed, and security of the payment system.

For banks, instant payments offer the opportunity to work with real-time cash flow transparency and rely less on outdated forecasting methods. Corporates benefit from a better overview of funds, which can lead to more accurate decision-making and lower operating costs.

The shift to real-time payments also comes with significant challenges. The speed of instant payments leaves little room for error or recovery, which makes transaction and data fraud easy. Processing transactions 24/7 demands significant investment in upgrades, including cloud-based solutions for scalability and sophisticated fraud detection mechanisms.

Beyond that, payment service providers must comply with real-time sanctions screening and transaction monitoring. Meeting regulatory standards requires integrating advanced monitoring tools into payment systems.

End users gain immediate access to funds, making financial management more flexible and convenient.

Advice on handling the realisation of regulatory adjustments in payment

How can banks and payment service providers take advantage of the opportunities presented by these regulatory changes? Here is some key advice.

Security mechanisms and fraud prevention

  • Advanced authentication: Implement secure and user-friendly authentication technologies;
  • Fraud detection: Integrate fraud detection and risk management systems, and train staff to identify suspicious transactions;
  • ICT governance: Adapt internal policies and processes for continuous risk assessment and management.

Technology and Infrastructure

  • Technology investment: Upgrade IT infrastructure and develop secure, real-time data sharing APIs;
  • Scalable IT infrastructure: Invest in scalable cloud solutions and advanced IT systems to handle high transaction volumes for instant payments.

Resilience and incident management

  • Digital resilience testing: Conduct annual baseline tests and threat-led penetration tests (TLPT);
  • Incident management: Develop an internal reporting system for ICT incidents and synchronise all ICT systems with a reliable reference time.

Third-party-management and collaboration

  • Fintech partnerships: Form partnerships with fintech companies to expand service offerings and facilitate the transition to instant payments;
  • Third-party risk management: Review and update outsourcing policies and contracts, and conduct regular due diligence.

Development of new revenue sources

  • Alternative revenue: Introduce new service offerings and payment solutions, and diversify the business model by entering new markets or forming partnerships.

For banks, instant payments offer the opportunity to work with real-time cash flow transparency and rely less on outdated forecasting methods. Corporates benefit from a better overview of funds, which can lead to more accurate decision-making and lower operating costs

Banks and payment service providers need to act now in order to keep up with current trends to remain competitive in the payment market. This includes analysing current business processes, identifying gaps in terms of regulatory requirements and new customer expectations to effectively shape existing business models for the future. Moreover, banks and payment service providers should incorporate regulatory aspects into their business strategy and consider the selection and implementation of new technology solutions and suitable third-party providers.

In the next article of this three-part series, we will take a closer look at the increasing importance of cyber security in the payment industry. Why is it important to include a sophisticated cyber security strategy and what are the possible consequences of disregarding cyber risks in today’s world?

This article was first published on ‘The Paypers‘.

What impact does the regulatory changes have on your company?

Discover in our exclusive workshop “NextGen Payments: Revolution or Evolution by 2030?” how PSD3 / PSR, DORA, FiDA and the future drivers of digitalization and cyber security will affect your business models and how you can make your company future-proof.

We look forward to hearing from you and will be happy to answer any questions you may have.

Dr. Carlos Nasher

DORA: What banks and payment service providers need to prepare for

The digitalisation of products and processes brings not only opportunities for banks and payment service providers, but also an increasing number of risks. Cyber attacks and IT failures can cause enormous financial and reputational damage. This is where DORA, the Digital Operational Resilience Act, takes action. This EU regulation aims to ensure that financial institutions become more resilient against threats targeting their technical infrastructures and that cyber security is prioritised across the entire organisation.

In this article, we take a closer look at the requirements DORA places for banks and payment service providers and how companies can take action to fulfil these.

Was ist DORA?

The Digital Operational Resilience Act (DORA) is a key EU regulation that aims to strengthen the digital operational resilience of the financial sector. It intends to ensure that banks and payment service providers are robustly prepared against cyber attacks, IT failures and other digital threats. The regulation sets out general standards for IT security, particularly in the areas of information and communication technology (ICT) risk management, the reporting of ICT incidents and the monitoring of risks by third-party ICT service providers.

Highly efficient and stable ICT structures shall create more security in the financial system and minimise the risks of digital transformation for market participants. This will lead to a significant growth in the analysis and reporting requirements for financial institutions. DORA will place the current high outsourcing rate of banking IT and banks’ strategies for digital transformation in the focus of supervisory authorities.

DORA already came into force on 17 January 2023 and will fully apply from 17 January 2025 on. Financial institutions must therefore achieve DORA compliance until January 2025.

The schedule of DORA (2023-2025)

On July 8, 2024 the BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht) published a supervisory statement regarding DORA. It contains extensive implementation guidelines for ICT risk management and ICT third party risk management, among other topics. The guidelines are not mandatory but provide assistance and explanations for organisations to fulfil the DORA requirements. Beyond that the supervisory statement compares the existing IT requirements (BAIT/VAIT) with the new DORA requirements. In providing the supervisory statement, BaFin states that existing IT requirements (BAIT/VAIT) are largely covered and expanded by DORA. With the national implementation of the FinmadiG (Finanzmarktdigitalisierungsgesetz), BaFin plans to suspend previous IT requirements (BAIT/VAIT/KAIT/ZAIT). Companies that are not covered by DORA still have to take proper action to deal with IT and cyber risks.

What are the main objectives of DORA?

Improving ICT risk management processes and ICT governance

DORA requires financial institutions to develop and implement ICT risk management systems. This includes the identification, assessment and reduction of ICT risks. Through standardised processes and regular reviews, risks should be identified at an early stage to take action immediately. BaFin’s implementation guidelines for DORA emphasise that the responsibility for ICT risk management lies within the management body of financial organisations.

Increasing resilience against cyber threats

Another goal is to strengthen actions to detect, prevent and respond against cyber threats. Banks and payment service providers need to develop plans for dealing with cyber threats and test these regularly. In addition to the retrospective view of ICT-related incidents and the performance of the ICT risk management scope in the past, new technological developments, including cyberattacks, should also be monitored. Financial institutions should be able to create a fast and effective reaction capability that enables the organisation to maintain business operations continuously.

Ensuring the continuity of critical functions

DORA requires the development of emergency plans and business continuity strategies. Financial institutions must ensure that critical functions can continue in the event of serious ICT incidents. Testing ICT security measures on a regular basis is key.

Strengthening monitoring and reporting of ICT incidents

DORA requires the reporting of serious ICT incidents to supervisory authorities and to analyse their sources. The aim is to create transparency for supervisory authorities so that effective control mechanisms can be implemented. By establishing an ICT asset management and categorising related risks, dependencies on third-party ICT service providers, risks from cyber threats and ICT vulnerabilities should be identified and regularly reviewed.

Supporting due diligence requirements for third-party providers

DORA sets a high value on due diligence in the selection and monitoring of third party providers of critical ICT services. Banks and payment service providers need to take appropriate security actions and ensure that their service providers are regularly reviewed. The DORA implementation guidelines set out enhanced contractual requirements for the use of ICT services, including minimum requirements for all contractual agreements and obligations to review and test. This minimises outsourcing risks and increases security along the entire supply chain.

Management of third party ICT risks

What specific action does DORA require from banks and payment service providers?

The new requirements are forcing banks and payment service providers to rethink and adjust their ICT risk management processes. The following actions should be taken to ensure regulatory compliance:

ICT governance and risk management: adaptation of internal guidelines and processes

Internal guidelines must be reviewed or established to reflect DORA’s new ICT compliance requirements and to ensure continuous risk assessment and management (including documentation of processes for providing documentary evidence to supervisory authorities). Moreover, an ICT risk control function must be established that is responsible for the management and monitoring of ICT risks.

Testing digital operational resilience: implementation of baseline tests and TLPT

Internal guidelines and operational processes must include regular, at least annual baseline testing and TLPT (Threat-led Penetration Tests) to identify and eliminate potential weaknesses. Cooperating with testing service providers can be considered in this context. Beyond that, it is necessary to consider extended scenarios such as climate change, insider attacks and large-scale power outages.

Disruption incidents and reporting obligations: establishing a reporting system

It is necessary to develop an internal reporting system for ICT incidents with defined processes and criteria for classifying and reporting security incidents. Financial companies must ensure that logs are protected against manipulation and loss and that all ICT systems are synchronised with a reliable time reference.

Management of third-party risk: ICT outsourcing management and monitoring critical ICT service providers

Reviewing and updating outsourcing guidelines, contracts and internal processes for analysing the risks of third-party providers, including regular due diligence methods, maintaining an information register and adapting tendering processes based on extended evaluation criteria. This includes minimum requirements for all contractual agreements as well as review, testing and cancellation rights.

In the course of 2024, there will be more specific legal acts in the form of technical standards (RTS and ITS) for most of the regulatory areas.

The impact of DORA at a glance

DORA is a challenging task for financial institutions, but it is also an opportunity to strengthen ICT security and resilience. Although the implementation of DORA requires significant effort and investment, it contributes to the long-term stability and security of the European financial sector.

How do we successfully support banks and payment service providers?

With our extensive consulting experience in the payment and banking sector, we are looking forward to supporting you in implementing the DORA requirements. In addition to dealing with the requirements of DORA in your company, we can contribute our knowledge and experience from various sourcing strategy and implementation projects. The requirements for outsourcing ICT services to third parties in particular are increasing significantly. New requirements include conducting risk assessment before a contractual agreement is concluded with a third party. In contrast to the MaRisk the DORA regulation no longer differentiates between outsourcing and other external procurement of ICT services.

Which means other external procurement of ICT services will also be covered by DORA in future, with corresponding due diligence obligations for banks or financial service providers. Sourcing strategies and existing outsourcing of ICT services should therefore be reviewed in order to take the requirements of DORA into consideration at an early stage and, if necessary, implement adjustments, for example in service provider management.

Are you looking for a way to develop secure and innovative processes, strengthen your digital resilience and get your company ready for the future? Please feel free to contact us.

What impact does DORA regulation have on your company?

DORA is part of our new workshop “NextGen Payments: Revolution or evolution by 2030?” In a customised workshop, we discuss with you how the future drivers of digitalisation, regulation and cyber security will affect your business models and we will work together to develop individual solutions. You can find more information here.

Further regulatory requirements – PSD3 und PSR

Alongside DORA, other regulatory requirements such as PSD3 and PSR are influencing payment transactions. Learn more in this blog article.

Jens Hegeler

Hauke Peters

What banks and payment service providers need to know about PSD3 and PSR

The financial world is in constant state of change, driven in particular by technological advances and regulatory adjustments. The current regulatory initiatives of the European Commission, PSD3 (Payment Service Directive 3) and PSR (Payment Service Regulation), will be further steps in this development. According to the European Commission, they aim to harmonize payment transactions within the European Economic Area, increase the security of payment transactions, and promote competition in the payment market. These new regulations present a number of challenges, but also opportunities for banks and payment service providers.

In this blog article, we look at the key points of PSD3 and PSR and their potential impact on banks and payment service providers. We highlight the measures that need to be taken to efficiently and timely implement the regulatory requirements.

What are PSD3 and PSR?

PSD3 builds on previous regulations, particularly PSD2, and clarifies existing regulations. It includes, among other things, an extended liability for banks and sets new IT and risk standards. A key focus is on strong customer authentication and transparent payment transactions.

The PSR (Payment Service Regulation) complements the Payment Service Directive and leads to directly applicable law in all EU states. Its goal is to harmonize regulatory standards within the EU and ensure uniform regulation in European payment services.

The objectives of PSD3 and PSR:

Where do PSD3 and PSR stand now?

In June 2023, the drafts for PSD3 and PSR were published as proposals to revise PSD2. The European Parliament approved this proposal on April 23, 2024, with some amendments, including regulations on strong customer authentication and liability rules. Currently, the European Parliament and the European Council are negotiating the final statutory text. The final version of the statutory texts is expected by the end of 2024. Given these developments, we expect the new regulations to come into effect in 2026.

PSD3 implementation schedule (2023-2026)

What does this mean for banks and payment service providers?

Adapting to the new PSD3 requirements is essential for banks and payment service providers to ensure compliance with the regulations and seize opportunities. This results in the following impacts requiring action:

Strong Customer Authentication (SCA): PSD3 and PSR foresee the introduction of stricter requirements for customer authentication and an expansion of authentication options for people with low digital affinity and vulnerable groups. Additionally, in April 2024, the European Parliament proposed expanding the inherence factor to include environmental and behavioral characteristics. This means that banks and payment service providers must invest in the development and implementation of more robust and innovative security mechanisms. This can increase the security of payment transactions but is associated with implementation costs and additional complexity in adapting systems and processes.

Extended liability for payment institutions: With the tightening of liability rules in fraud cases, banks, payment service providers, and providers of electronic communication services are held more accountable. Issuers will have to prove that, for example, a fraudulent transaction is unequivocally due to customer misconduct to avoid liability. Additionally, payment service providers are obliged to immediately block a payment instrument if there are objective risks or suspicions of fraudulent use. This will be difficult to demonstrate in many cases and may not be in the interest of the relationship with the customer in question. Investments in customer communication, prevention, and handling of fraudulent transactions are to be expected, as well as the challenge of maintaining an efficient balance between transaction conversion and fraud prevention. Furthermore, the reversal of the burden of proof could have a massive impact on customer behavior. The issue of fraud will gain significant momentum. This is already evident in the UK, where the mere sharing of liability risk has led to a significant increase in damages. The issue of fraud should be a major priority for payment institutions in the coming years.

Transaction monitoring and exchange of fraud-related data: To effectively combat fraud, banks and payment service providers must monitor transactions and exchange fraud-related data among themselves to detect early warning signs and respond appropriately.

IBAN-name-check: Implementing the IBAN-Name-Check requires verifying the entered IBAN and the associated account holder’s name to reduce fraud cases and increase transaction security. This may result in additional costs for banks as they will need to adapt their existing systems and processes to integrate this new measure.

Prohibition of fees for certain payment services: PSD2 introduced the surcharge ban, which prohibits providers from charging customers extra fees for certain payment methods. The new draft of the PSR expands this ban. Providers should not be allowed to charge fees for payments, although discounts or special offers that steer the selection of a particular payment method are not excluded. Banks and payment service providers should now identify alternative revenue sources and develop new service offerings to remain competitive.

The impact of PSD3 on banks and payment service providers at a glance:

What are the next steps for a smooth implementation of PSD3 and PSR?

Given these new regulations, it is crucial for banks and payment service providers to act proactively to ensure early compliance with the regulations and secure the competitiveness and profitability of their offerings.

The following measures should be taken to meet and successfully implement the new regulations:

Optimization of security mechanisms:

  • Advanced authentication technologies that are both secure and user-friendly should be introduced to meet the requirements of PSD3

Strengthening fraud detection and prevention:

  • Fraud detection and risk management systems should be integrated to detect and prevent fraudulent activity early on
  • Staff should be trained to identify suspicious transactions to raise awareness of fraud prevention
  • Decision-makers should exchange information on fraud issues to learn from each other and create synergies

Integration of the IBAN-name-check:

  • Automated solutions for the IBAN-name-check should be introduced to meet the requirements. It remains to be seen to what extent efficiency and security of payment transactions will be improved

Development of alternative revenue streams:

  • New service offerings and payment solutions that provide additional value for customers, such as innovative financial services or personalized offers, should be introduced
  • The business model should be diversified by exploring new markets or partnerships to tap into additional revenue sources and remain competitive

With our long-standing expertise in the areas of payment transactions and regulation, we navigate our clients through the complex requirements of the payment market, in particular PSD3 and PSR. Our team of experts supports you in leveraging market developments, developing tailored solutions, and making your business models future-proof. From analysing business processes, identifying and tapping into new revenue sources to selecting and implementing technology solutions – together, we can strengthen your company’s position in the payment market. Please feel free to contact us.

What impact does PS3 and PSR have on your company?

PSD3 and PSR are part of our new workshop “NextGen Payments: Revolution or evolution by 2030?”. In a customised workshop, we discuss with you how the future drivers of digitalisation, regulation and cyber security will affect your business models and we will work together to develop individual solutions. You can find more information here.

Further regulatory requirements – DORA

Alongside PSD3 and PSR, other regulatory requirements such as DORA are influencing payment transactions. Learn more in this blog article.

Jens Hegeler

Hauke Peters

The digital euro – Europe’s answer to digitalization in payment?

Between the dynamic poles of digitalization, regulation and cyber security, future drivers are having a major impact on today’s payment industry. As the first in a three-part series, this article takes a closer look at current trends and innovations shaping the digitalization in payment.

Various trends and innovations are influencing the payment industry and driving the trend towards the digitalization in payment. The European Payment Initiative (EPI) launched P2P and its digital wallet solution Wero for payments is on the doorstep. EPI strives to offer a multi-channel payment solution with increased flexibility of financial transactions by integrating various payment methods, enhancing security and providing a user-friendly interface. The integration of additional card products, the digital euro and eID are planned. A shift from the financial services of a traditional house bank to embedded financial services is also recognizable in the banking sector. The trend of managing all financial matters at one’s own bank is moving very strongly towards the use of service providers and FinTech’s who are embedding banking services under one big umbrella for their customers. Digitalization therefore not only brings many opportunities for merchants and banks, but also holds challenges that need to be overcome. We will take a closer look at the digital euro and its possible impact on Europe’s payment market.

Dieses Bild hat ein leeres Alt-Attribut. Der Dateiname ist Figure-1_Triangle-1024x591.png

Triangle of digitalization, regulation and cyber security in the payment industry

The digital euro – A deep dive into one of many digital innovations

The European Central Bank envisions a digital version of euro cash issued by the central bank and made available to all residents of the eurozone. This vision involves end users receiving a free electronic wallet that enables free transactions in real time. With the possible launch of the digital euro, the European Central Bank wants to achieve greater independence in a standardized European payment system. It also wants to ensure the stability and security of the European financial system while promoting innovation for digital business models. The final decision on the introduction of the digital euro by the EU governance bodies is foreseen for the end of 2025.

Dieses Bild hat ein leeres Alt-Attribut. Der Dateiname ist Figure-2_Processing-of-the-Digital-Euro-in-the-existing-euro-system-1024x427.png

Processing of the digital euro in the existing euro system

Challenges for a successful launch of the digital euro

One of the biggest challenges is to build the required infrastructure and ensure that the digital euro can be used securely and efficiently. Beyond that, there are also legal and regulatory aspects that need to be resolved in order to integrate the digital euro into the existing European financial system. Competition with already established payment methods, such as PayPal or international credit card schemes, can also represent a challenge for the successful implementation of the digital euro. In this context, a further risk is the lack of acceptance among end users and merchants.

Opportunities of the digitalization in payment

For end users, the digital euro offers legal tender as digital money, free of charge for basic services, processed in real time and usable without internet connection. The obligation to accept the digital euro for merchants would ensure that consumers can use it across all areas.

The requirement to accept the digital euro could give merchants a stronger position in negotiations with other payment method providers. Furthermore, the introduction of the digital euro could reduce transaction costs, as no scheme fees are to be incurred in the system. The costs will be covered by the Euro System. The so-called ‘zero-interday holding limit‘ applies to merchants’ wallets, meaning that the digital euro must be transferred to the merchant’s bank account within one day of receipt of funds. Merchants can therefore access their funds immediately, which improves liquidity. Moreover, the digital euro offers merchants the opportunity to increase their conversion rates, which could lead to a higher completion rate on sales. Universal acceptance of the digital euro across the eurozone would allow merchants to reach a wider range of customers and make cross-border transactions much easier.

For banks, the digital euro opens up the potential to expand their customer base and strengthen the loyalty of existing customers by offering new features and more extensive services. As the Euro System is state-funded, banks could benefit from a reduction of scheme and settlement fees, which could lead to cost savings. In addition, banks can develop new business models and services based on the digital euro and therefore remain competitive on the payment industry.

Dieses Bild hat ein leeres Alt-Attribut. Der Dateiname ist Figure-3_Planned-media-and-use-cases-for-the-Digital-Euro-1024x538.png

Planned media and use cases for the digital euro

Advice on handling the digitalization of the payment industry

Considering the political role, it can be assumed that the digital euro will play a role in the future payments mix – depending largely on the structure, the behavior of market players and the general development of the payments market over the next few years. It is important to emphasize that the digital euro will enhance existing payment structures (e.g. issuers and acquirers), but will not replace them.

With reference to further trends and innovations in the field of digitalization, merchants and banks should use the time now to analyze their payment architecture and revise their portfolio to be prepared for the future in all directions of digitalization.

Merchants should prepare for the future at an early stage and optimize their payment acceptance architecture. Topics such as payment orchestration and smart routing are relevant to reduce costs, increase conversion and optimize the payment load as well as to ensure future readiness.

Banks in return face the challenge of developing a payment transaction strategy that meets the real needs of their customers and uses the regulatory framework to create value. Payment must be considered as a holistic strategy to meet the requirements of the future. Only with a comprehensive and future-oriented strategy at hand banks, merchants and end customers are able to benefit from the advantages of the digital euro and meet the challenges of the modern payment world.

In the next article of this three-part series, we will take a closer look at the regulatory requirements, such as PSD3 and PSR – What impact does this new wave of regulation have on the payment industry and what does it mean for merchants and banks?

This article was first published on ‘The Paypers‘.

What impact does the digital euro have on your company?

Discover in our exclusive workshop “NextGen Payments: Revolution or Evolution by 2030?” how the digital euro and the future drivers of digitalization, cyber security and regulation will affect your business models and how you can make your company future-proof.

We look forward to hearing from you and will be happy to answer any questions you may have.

Dr. Carlos Nasher

The digital euro – complement or competitor in the payment portfolio?

On November 1, 2023, the European Central Bank launched the preparatory phase for the introduction of the digital euro. After a two-year investigation phase, the development of the required infrastructure and platform will now begin. This phase also includes tests to determine whether the digital euro has a sustainable future. In two years from now, the Governing Council of the central banks will decide whether the digital euro will be introduced and issued.

Roadmap for the digital euro

What is the digital euro?

The digital euro would be a digital form of central bank money issued by the central banks of the euro area and available to all citizens in the euro area. It would complement existing means of payment such as banknotes and coins and could be used for payment at the point-of-sale (POS), in e-commerce, between private individuals and with public authorities. The aim is to offer a secure, universally applicable and efficient form of digital central bank money that promotes digital business models and strengthens the strategic autonomy and sovereignty of European payments.

How can the digital euro be used?

What are advantages of the digital euro?

Firstly, it should be noted that the digital euro has functionalities that are in most respects no different from other payment instruments. Nevertheless, the ECB highlights fundamental differences:

For end customers

  1. Universal means of payment: In enhancement of cash, the digital euro offers access to digital central bank money. This enables citizens to use both physical and digital forms of money in their everyday lives. Merchants should be obliged to accept the digital euro. This should ensure that every consumer can use the digital euro.
  2. Free of charge for basic services: The digital euro should be free of charge for basic services, which makes it particularly attractive for end users. Payments can be processed in real time without incurring additional costs.
  3. Offline functionality: The digital euro should offer the possibility to pay without an internet connection. This is particularly useful in areas with limited network coverage or in situations where the internet is not available. It remains questionable how the ECB will avoid double spending.

For Merchants

  1. Improved negotiating position: The digital euro would give merchants a stronger negotiating position vis-à-vis other payment service providers thanks to the acceptance obligation.
  2. Higher conversion rates: If every customer can use the digital euro, conversion rates should increase.
  3. Efficient payments: The introduction of the digital euro could lead to a reduction in transaction costs. Merchants could benefit from the lower costs, as no scheme fees are to be incurred in the system.
  4. Immediate availability: Instant Payment enables merchants to access their funds immediately. This improves liquidity and enables more efficient business management.

For Banks

  1. Great reach: The digital euro has the potential to reach a broad customer base. Banks can benefit from this great reach by gaining new customers and strengthening existing relationships.
  2. Reduced costs: As the Eurosystem is state-funded, banks could benefit from an exemption or reduction in scheme and settlement fees. This could lead to a significant reduction in costs.
  3. Platforms for innovative ideas: Banks have the opportunity to develop new business models and services based on the digital euro. This could expand their product portfolio and help them to remain competitive.

How does the digital euro work?

Payments with the digital euro should be risk-free, free of charge for the consumer and possible in real time. The digital euro would be stored in an electronic wallet, which would be set up at a bank or an intermediary. It is planned that customers are only allowed to have one wallet. The money can be converted directly from the current account into digital euros, with the option of manual top-up or an automated top-up function.

In contrast, a merchant may have several wallets, but is not allowed to hold the digital euros in them. The zero-interday holding limits mean that the digital euros must be transferred to the merchant’s bank account on the same day they are received. Intermediaries play a central role in creating value with the digital euro, however the ECB has a partial claim to the customer interface. It is planned that a dedicated app/wallet will be provided either by the ECB itself or by other authorized providers.

Payment process with the digital euro

How does the economic model of the digital euro work?

With the aim of striking a balance between appropriate incentives for banks to spread the digital euro and protective measures for end customers, a compensation model was presented that is based on clearly defined basic principles.

Free basic functions for end customers

It is planned that banks will not be allowed to charge end customers for the basic functions of the digital euro. This ensures that the digital euro is free of charge for end customers.

Compensation between acquirer and issuer

Compensation between acquirer and issuer that is comparable to interchange is being considered. This fee is currently to be limited to the level of comparable procedures, similar to debit card payments.

No scheme fees

In contrast to existing traditional four-party models, there would be no scheme fees for the digital euro. The Eurosystem would bear its own costs, which ultimately corresponds to state financing of the digital euro scheme.

Basic principles of the commercial model

What impact could the digital euro have on banks?

The introduction of the digital euro could have various effects on banks:

  1. New business models and services: Banks would play a central role in the provision of the digital euro. They could use the pan-European platform provided by the Eurosystem as an important point of contact for individuals, retailers and companies and develop new business models and services to expand their product portfolio.
  2. Competition with fintechs: As fintech companies could gain direct access to the digital euro, competition in the financial sector could intensify and lead to pressure on banks to optimize their services and make them more cost-efficient. Fintechs are known for their innovative strength and could force banks to react more quickly to market changes.
  3. Cannibalization effects: As the ECB is planning its own app or wallet for the digital euro, which could be used for payment, there is a risk that existing payment methods such as payment with a physical girocard or credit card will be displaced by the digital euro wallet. Banks would have to adjust in order to keep their existing payment solutions competitive and minimize potential losses.

What impact could the digital euro have on merchants?

For retailers the question arises as to whether the digital euro will bring real added value or just become another checkout button. The ECB promises various benefits for users and therefore also for merchants:

  1. Universal acceptance: The digital euro would be usable in all retail situations and available throughout the eurozone. It would also cover a wide range of payment situations and offer a high level of user-friendliness. This could promote the acceptance and usage of the digital euro.
  2. Data protection and high security: The digital euro offers full control over personal data, as the processing of personal data by payment service providers would only be permitted with the explicit consent (opt-in instead of opt-out) of the user for certain purposes. This could strengthen consumer confidence in the digital euro. In addition, the digital euro would offer a higher level of privacy than other electronic payments, especially for offline payments. This could be a decisive argument for users who value data protection and security.
  3. Cost efficiency and immediate availability: By eliminating scheme fees, the acceptance costs for merchants could be lower than comparable procedures. In addition, the digital euro is intended to enable instant payment, giving merchants the possibility of immediate access to their funds.

What about the relationship between the digital euro and EPI?

The European Payment Initiative (EPI) was launched to create a standardized payment system in Europe. It is a commitment by 14 banks from 5 countries – Germany, France, Belgium, the Netherlands and Luxembourg.

The digital euro and EPI both aim to create a standardized payment system in Europe. Both provide their own app or are integrated into banking apps and are based on the same business model. It is difficult to differentiate between them, yet both have the potential to strengthen the banking ecosystem. The appropriate networking of the two is a key success factor. It will be crucial how banks adjust and what strategies they pursue to remain relevant and competitive.

What future prospects does the digital euro offer merchants and banks?

Whether the digital euro has a sustainable future remains to be seen. In any case, the introduction of the digital euro would bring further momentum to the market.

Merchants should therefore prepare for the future at an early stage and optimize their payment transactions. Topics such as payment orchestration and smart routing are relevant to reduce costs, increase conversion and optimize the payment load.

Banks in turn face the challenge of developing a payment transaction strategy that meets the real needs of their customers and uses the regulatory framework to create value. Payment transactions must be considered as a holistic strategy to meet the requirements of the future. The collaboration and integration of different payment systems and methods could strengthen the banking sector and open new opportunities. We continuously monitor market developments to evaluate possible courses of action and develop suitable strategies together with our customers and partners. Only with a comprehensive and future-oriented strategy at hand can banks, merchants and end customers benefit from the advantages of the digital euro and meet the challenges of the modern payment world.

What impact does the digital euro have on your company?

Discover in our exclusive workshop “NextGen Payments: Revolution or Evolution by 2030?” how the digital euro and the future drivers of digitalization, cyber security and regulation will affect your business models and how you can make your company future-proof.

We look forward to hearing from you and will be happy to answer any questions you may have.

Andre Standke

Dr. Carlos Nasher

Sources

Bundesbank

ECB Europa

Thede Consulting becomes part of Projective Group for true end-to-end solutions and European presence

Hamburg, 26 July 2024Thede Consulting is excited to announce to be part of Projective Group, a leading financial services consultancy specialising in strategy, implementation, and sourcing within the financial sector. This move aligns with Thede Consulting’s growth plan increasing their presence in Europe and enhancing their expertise to provide even greater value and advanced solutions for their clients.

Andre Standke, Managing Partner of Thede Consulting said: “We are excited to become an active part of Projective Group, a move that marks a significant milestone for our firm and our clients. It empowers us to cover the entire value chain, delivering true end-to-end solutions with a European reach. We look forward to leveraging the synergies with Projective Group to provide our clients with even more comprehensive strategic guidance on their business models and successfully implement these strategies with the additional integrated services. Moreover, their culture with its people-first approach aligns perfectly with our values. As part of the group, we are convinced that we will create significant value for our clients and employees – truly an ideal match.”

The integration of Thede Consulting in the Projective Group significantly bolsters Thede Consulting’s capabilities, expanding its local team to approx. 100 professionals across key locations such as Frankfurt, Munich, Hamburg, and Switzerland and its global team to 1,200 people. The managing partners of Thede Consulting Andre Standke, Jens Hegeler, Dr. Carlos Nasher and Eike Maybaum become shareholders of the Projective Group.  This expansion broadens the range and quality of services offered to clients and enhances the capacity to manage larger and more complex projects.

Stefan Dierckx, CEO of Projective Group: “Thede Consulting’s expertise in payments strategy will be crucial as we work together to deliver tailored solutions in the payments sector. With the rapidly evolving payments landscape, increasing regulatory demands, and the rise of digital and real-time payment solutions, Thede Consulting joining Projective Group couldn’t be timelier.”

Unlocking synergies for tailored client solutions

Projective Group’s profound expertise will enable Thede Consulting to increase their strategic focus and operational execution, ensuring an optimal balance between strategy and implementation within the payments area. This partnership also opens avenues to diversify Thede Consulting’s services beyond payments, utilising Projective Group’s extensive European network to deliver more innovative, client-centric solutions.

Commitment to growth

The integration of Thede Consulting is a pivotal step in Projective Group’s long-term strategy, emphasising a balanced approach to growth through both organic development and strategic acquisitions. By continually enhancing its capabilities and expanding its geographic reach, Projective Group aims to offer together with Thede Consulting unparalleled expertise and innovative solutions, solidifying its position as a leading and trusted advisor in the financial services industry.


About Projective Group

Established in 2006, Projective Group is a leading financial services consultancy specialising in strategy, implementation, and sourcing. With over 1,200 experts across Europe, our extensive presence and deep expertise enable us to deliver innovative solutions that drive growth and efficiency. Projective Group’s total global revenue stands at €150 million, reflecting our significant impact and reach within the financial services industry.

About Thede Consulting

Thede Consulting, with over 30 years of experience, offers advisory services in the payments sector both domestically and internationally. Their team brings distinct skills that drive collective success. They specialise in future payments, innovative business models, and using advanced technology to boost competitiveness through digital transformation. Moreover, Thede Consulting has a stronghold in supporting its clients during implementation, e.g. finding an appropriate partner for a payment product and orchestrating the subsequent migration.

We look forward to continuing to support you comprehensively in shaping the payment of tomorrow and making you fit for the future.

If you have any further questions, please do not hesitate to contact us:

Andre
Standke

Jens
Hegeler

Dr. Carlos
Nasher

Eike
Maybaum

Efficient payment management with virtual commercial cards

In today’s digital world, efficient payment management is a key to success for companies to reduce their (administrative) costs through lean internal processes in an increasingly complex environment. The issuing of commercial cards within a company also often is inflexible and only helps to a limited extent with internal organization and billing. However, there is an innovative solution that helps companies to optimize their overall process, from approving employee expenses to booking them correctly, while at the same time saving costs: Virtual commercial cards.

Virtual commercial cards not only offer a secure and efficient payment method, but also a wide range of benefits for companies. In this blog article, we take a closer look at this type of commercial card and show how you as an issuer can position yourself sustainably in the context of increasing requirements. Find out how virtual commercial cards are revolutionizing payment management and help companies to increase efficiency and reduce costs.

What are virtual commercial cards?

Virtual commercial cards are a digital payments instrument that companies can use to optimize their payment processes. In contrast to conventional commercial cards, which are issued physically, virtual commercial cards solely exist in digital form. They are usually provided via an online platform or a mobile app.

The functionality of virtual commercial cards is based on the generation of virtual card (numbers), the design of which is very flexible. Companies for example can customize spending limits, categories and validity periods for specific employees or departments as. When issuing cards, a distinction is made between single-use (or single-purpose) and multi-use cards.

Single-Use cards allow the card to be used only once, which may be limited to one merchant category. This can be, for example, the payment of a hotel stay, with reservation of an amount at check-in and the possibly deviating final payment upon departure.

Multi-Use cards can be used several times and are comparable to traditional cards in this respect.

An important advantage of virtual commercial cards, especially for single-use cards, is the increased security compared to conventional commercial cards. The one-time use of virtual credit card numbers prevents sensitive credit card data from being stored by merchants or service providers. This reduces the risk of data leaks and unauthorized access to credit card information. For the card-issuing bank (issuer), this can significantly reduce the costs of fraud if the processes are properly secured, as the cards are issued for one-time use with restrictions. At the same time, depending on the business model, the issuer earns more than just the interchange fee (which is not regulated for commercial cards). Depending on the depth of data and integration as well as the integration of service providers, additional sources of income arise, e.g. for the integration of travel services, travel expense reports or the detailed provision and analysis of data. By connecting to existing platforms, economies of scale can be achieved quickly from the issuer’s perspective and new customers can be integrated cost-efficiently. Such a connection can also be very interesting for service providers such as ERP system providers or travel expense accounting companies, as it gives them access to a larger number of potential customers.

How do companies benefit from virtual commercial cards?

If you want to evaluate the benefits of corporate credit cards, you need to consider several perspectives:

1. Company integration

When providing the payment solution and integrating the company, the issuer’s task is to offer the greatest possible added value for the company in terms of transparency of payments, automated processes and thereof resulting lower (administrative) costs. Transparency is created by providing data at a detailed level, which the company can ideally transfer directly to its accounting system. Deeper integration can automate processes in approval and budgeting as well as the allocation of payments to persons and cost centers for accounting. Many issuers also offer integrations of ERP or accounting systems (e.g. SAP, Oracle, Sage, DATEV) for this purpose.

2. Merchant integration

A regular offering with commercial cards is the direct integration of providers for common use cases in issuers platforms. For example, employees can book business trips directly via integrated travel agencies or purchase office supplies via purchasing platforms. This allows companies to better control budgets or company guidelines, for example by only showing employees hotels within their defined price range. In addition, the use of virtual credit cards opens considerable savings opportunities for companies with small or one-off service providers, as they can dispense with know-your-business (KYB) processes.

3. User experience for employees

The use of company credit cards should be as simple, flexible and convenient as possible for employees. This applies to the application and approval as well as the use of the cards. In particular, employees are expected to enjoy the same benefits when using their commercial cards as they do when using their private card. These include broad acceptance and the possibility of mobile payments. The great advantage of virtual cards compared to “traditional” commercial cards is their flexibility, e.g. in setting spending limits, categories and validity periods for certain employees or departments. This also enables companies to provide external persons with a means of payment. This makes it much easier, for example, for applicants to pay for travel to job interviews.

Many young providers in the European market, such as Yokoy, Pleo, Pliant and Soldo, focus primarily on company integration and the user experience for employees. In this context the goal is to enable companies to use the most flexible and automated processes possible through an “expense management platform”. Employees, on the other hand, are enabled to use payment options in their work environment that they are familiar with in their private life.

In summary, virtual commercial cards offer numerous advantages: They enable efficient payment management, reduce administrative effort, offer increased security and allow better control of spending. Companies can benefit from the flexible application options and adaptability of virtual commercial cards and optimize their payment processes.

What are the possible applications and use cases for virtual commercial cards?

Travel expense report
Virtual commercial cards facilitate the settlement of travel expenses for employees and companies. From the company’s point of view, the approval and release process is simplified, as is the subsequent billing and posting. Employees have a modern and convenient payment option and do not have to submit receipts.

Procurement management
Companies can use virtual commercial cards to make purchases from suppliers and service providers. This simplifies the ordering process and enables faster delivery of goods and services.

Subscription management
Virtual commercial cards can be used to manage subscriptions and recurring payments. Companies have full control over payments and can easily terminate or change subscriptions if necessary.

How is maximum customer focus achieved with regulatory compliance?

When using virtual commercial cards, issuers must comply with regulatory requirements such as the Payment Services Directive 2 (PSD2) and, in future, PSD3. These directives were introduced to ensure the security and protection of payments and financial data. Issuers must ensure that their virtual commercial cards meet strict security standards and that the required authentication procedures are implemented.

Nevertheless, the simple and convenient use of virtual commercial cards for issuers and their customers must not be overlooked. User-friendliness and smooth integration into company processes are crucial to ensure the acceptance and success of virtual commercial cards. This not only strengthens customer loyalty, but also positions the issuer as a trustworthy partner in payment transactions.

How does TC support issuers and companies when it comes to virtual commercial cards?

Thede Consulting supports issuers with expert knowledge and many years of experience in all aspects of virtual commercial cards. This begins with the strategic positioning of the issuer regarding the product range, target groups and markets and continues with the specification and implementation of this strategy. Together we develop answers to the following questions:

  • Which markets are interesting for me as an issuer? How can I position myself in my existing markets or enter new ones?
  • What are the requirements of potential customers and how will they develop?
  • How am I positioned as an issuer and how are my competitors?
  • How should my “virtual commercial cards” product be structured?
  • How does the new product contribute to my profitability in the corporate customer business?
  • What regulatory framework conditions do I need to consider?

Furthermore, Thede Consulting uses its many years of expertise to support companies, for example, in identifying the necessary and possible structure of their corporate credit card portfolio and in selecting the right issuer. The focus lies on the following questions:

  • What configuration and level of integration do I need for my company?
  • Which issuer offers the right product range for my requirements?

Would you like to find out more about virtual commercial cards and the opportunities they offer for your business model?
Please contact us.

Jens Hegeler

Sebastian Ruwe

Workshop NextGen Payments: Revolution or Evolution by 2030?

Discover the future trends in our exclusive workshop. We will show you how the future drivers of digitalization, regulation and cyber security will affect your business models and develop individual solutions with you.

Payment services are subject to constant change, which has accelerated even further in recent times. They are reflected in the future drivers of digitalization, regulation and cyber security. As a bank and financial services provider, it is now crucial to think ahead and prepare for the future. What impact will these future drivers have on your business model?

Our exclusive “Next Gen Payments” workshop is customized to your company and your challenges. Together, we explore the future drivers and analyze their impact on your company. Our experts will guide you through the latest trends and show you how you can position yourself for success.

Your Benefits

  • Identification of current trends and relevant developments for your company
  • Evaluation of economic efficiency, opportunities and risks
  • Development of an individual strategic roadmap for the enhancement of your business models

Workshop Topics (4-5 hours)

  • Keynote speech by our experts “Payment in the triangle between Regulation, Digitalization and Cyber Security”
  • Collaborative impact analysis on your current business models
  • Identification of strategic and operational activities and the relevant fields of action

We look forward to supporting you in shaping the payment of tomorrow and enabling you and your business for the future.

Are you interested? Please feel free to contact us:

Andre
Standke

Jens
Hegeler

Dr. Carlos
Nasher

Eike
Maybaum

Payment Strategy Industry

Payment strategy for the industry

An efficient payment strategy for the Industry 4.0 is crucial. The digitisation of the industry requires a change in mindset for the entire value chain in order to secure your own competitiveness and innovative strength. Thus, efficient payment processing for innovative business models and sales formats plays a central role in this.

Industrial clients, just like consumers, increasingly expect both intuitive and instantly completed, finalised payment processes (also see Instant Payment) – on a global basis. Accordingly, the demands of external as well as internal customers on the treasury’s range of services and thus on competitive solution. Fulfilment processes are rising sharply. Digital sales formats focus more on the use and less on the ownership of “capital equipment”. Thus, “pay-per-use” offers that charge for actual services provided in real time or for the consumption of goods are beginning to establish themselves in the industry. The next step will be the ability to process autonomous transactions.

 

Marketplaces as digital business models

The assessment and allocation of services and the corresponding payment raise questions about efficiency, the future depth of added value and a suitable organisational model of the treasury in the area of payment and settlement.

  • How can these payments be processed efficiently?
  • What possibilities for exchange exist? How are these to be evaluated with regard to the respective requirements?
  • Which advantages do wallet and distributed ledger technologies, for example, offer for this shift in interactions?
  • Which additional commercial services are to be mapped out in order to be able to ensure efficient processing?

For treasurers, areas of action in the future payment strategy in the industry primarily include to provide complementary services required for a successful market place, such as order management, billing & tax management, payment and accounting.

 

Which type of organisational model is suitable for your treasury?

Companies can choose between different organisational models for payment processing, depending on whether they want to offer central services as enablers only or also provide such services themselves. Depending on the strategic orientation, aspects such as the direct (internal) customer relationship with the operators of the business models, transparency and uniform (global) control of liquidity flows of digital business models or the realisation of synergies through uniform systems and settlement processes are in the focus. Depending on the depth of value creation to be adjusted in a strategically and economically sustainable manner, companies can choose between role models such as Payment facilitator or Payment Gateway.

 

Read our full whitepaper to learn more about efficient payment strategies for the industry and potential role models.