Mobile payment can be made easy for consumers: you only have to enter your card details once, the information will be saved and using the service will be that much quicker the next time. This one-touch payment method has spread rapidly in the last few years, with the examples best known in Finland being Wolt and Über as well as the Apple and Google app stores.

To the consumer, it looks like the credit card details are stored in the application. In reality, however, the storage of such data is governed by strict legislation. In practice, only regulated financial institutions are permitted to collect card information. This means that other companies can only create one-touch mobile payment systems through payment transmission service providers that offer tokenization.

Token-based payment services enable the storage of card details and recurring payments since the merchant is never in possession of the customer’s actual credit card details. Instead, the card numbers are stored by the payment service provider, which transmits the card details in connection with transactions.

Token service providers include Nets, Verifone and Adyen. The services offered by these operators mostly differ in how the customer experience can be tailored, the geographical limits of the services and the commissions charged for payments.

NEW LEGISLATION PROVIDES FOR OPENS APIs AND BETTER CONSUMER PROTECTION

The Payment Service Directive 2 or PSD2 entering into force in January 2018 will change mobile payments by requiring stronger authentication of consumers in connection with transactions. In other words, simply entering your card details will no longer suffice; the identity of the payer must also be verified through strong authentication. This can be implemented through two-factor authentication, for example. The authentication can take the form of a message, such as a push message or SMS, that the buyer must confirm in connection with the purchase.

The changes to legislation will also have an impact on service providers. Traditionally, online payments have been routed through payment service providers, with many actors in the chain of transferring the money from the buyer’s account to the merchant. For merchants and payment service providers, the biggest change entailed by PSD2 will be that, in the future, banks will open an API to the consumer’s account if authorized by a strongly authenticated consumer.

This means that merchants will soon be able to get their hands on the consumer’s account without going through a throng of middlemen charging fees for their services. Until now, innovations related to payments have largely been the purview of financial institutions, but PSD2 will encourage service providers to innovation and transparency, which can only be a good thing.

Cards have already replaced cash as the most common payment method. The next big step will be from cards to mobile.