- The inability of financial institutions to provide us with solid and clear guidelines for the development of the technology to enable our customers to comply with the regulations was a clear symptom that it was not feasible to be ready on 14 September as far as our role in the digital payment process
- Dingus guarantees connected hotels that they will be the first to receive the tools to implement the appropriate measures, when the banking sector is in a position to apply European regulations in their entirety
In recent weeks, all actors in the tourism sector have acquired a great deal of knowledge about the motivation and benefits of the PSD2 directive and that already famous SCA (Strong Customer Authentication). Both should have been in place across the board on 14 September in the EU to improve the security of electronic payments. However, the technical complexity of the processes and methods was not taken into account, and headlines in the press and blogs went ahead of reality, speaking of the deadline as final.
In this really complicated scenario, the hotel (our client) looked at the technology provider waiting for the solution to comply with the EU directive on payment services. And we (Dingus) asked banks and other stakeholders the basis on which our company Etoolinnovation (where we work on technological innovation to meet the needs of the hotel sector) could implement the necessary development for it. In short: we expected to know where the other shore was located to build the bridge (between the hotel and the bank or entity).
The technology provider, in this case, is placed right in the middle of the need for collection of the tourist industry (dependent in turn on the payment of the client) and the financial service that is obliged to comply with the regulatory mandates of the European Commission. But little more can be done except wait. At Dingus we have done so without intervening in debates, diffuse explanations or uncertain speculations. To our customers and partners interested in what was happening and what we were doing about it, we offered explanations based on one certainty: that PSD2 would not be mandatory on the expected date. But of course, with the knowledge of why it was not possible to deploy the standard and the difficulties we were detecting.
With the same forcefulness, we are able to guarantee hotels connected to Dingus that they will be the first to receive effective tools to implement the appropriate measures, at the same time as the banking sector (in general) is in a position to apply European regulations with guarantees and clear procedures.
Meanwhile, we continue to focus on that other great challenge of data protection security in digital transactions, with the recent certification as PCI Compliance Service Provider Level 1 that you can learn more about by clicking here.
In order to avoid confusion, it is appropriate to make it clear that:
- since Saturday 14 September, part of the PSD2 regulation has been implemented
- banks set new security requirements for their users to access digital banking
- the main complication has been detected in the opening (by banks) of their payment services to third parties, Third Party Payment Service Providers or TPP
- the experts admit that the rule is currently of an unsustainable complexity for certain economic sectors
- the Banco de España has established an indeterminate transitional period (14 or 18 months) for online purchases with PSD2 criteria
- the moratorium affects several eurozone countries, following the opinion and recommendations of the European Banking Authority (EBA)