The European Union has reached a political agreement on the Payment Services Regulation (PSR) and PSD3, setting the stage for the most consequential shift in European payments since PSD2 took effect in 2018.
While PSD2 opened the door to strong customer authentication and early-stage open banking, enforcement was inconsistent and fraud levels continued to rise across both card and non-card rails. This new agreement aims to close those gaps by making PSPs more accountable, giving consumers stronger rights, and placing new obligations on online platforms that have become breeding grounds for social engineering, impersonation scams, and unauthorized financial advertising.
Corepay has been following this closely because the impact extends far beyond Europe. Whenever the EU tightens risk controls, global acquirers, gateways, and fintech platforms often adopt similar frameworks for their US and UK operations. This is the first clear signal of how the next generation of global payment compliance will look.
Below is our full breakdown of what is coming, why it matters, and how merchants should prepare.
Fraud Liability Shifts Heavily Toward PSPs
Under PSR and PSD3, PSPs are expected to carry more responsibility for detecting and preventing fraud. Europe has dealt with a sharp rise in impersonation and “authorized push payment” fraud over the last four years. The new framework treats any payment initiated or modified by a fraudster as fully unauthorized. The customer is entitled to a full refund as long as they report the incident to both their PSP and local authorities.
This creates a risk model similar to what the UK is preparing for with its mandatory APP reimbursement rules. PSPs will need more advanced fraud scoring, tighter device intelligence, and stronger behavioral analytics to avoid absorbing losses. From Corepay’s perspective, this is a natural evolution of the industry. When authentication is heavily regulated, the only competitive edge left is the quality of a PSP’s fraud stack and dispute-prevention tools.
Payee Name Matching Becomes Mandatory
The EU is introducing mandatory account-name and identifier matching. If the information does not align, the PSP must reject the transaction before it can be processed. This closes one of the biggest PSD2 loopholes, where banks relied purely on unique identifiers and allowed fraudsters to bypass name checks.
Merchants that rely on bank-to-bank payments, open banking flows, or accelerated payouts will need to ensure their billing and customer profiles are consistent. Discrepancies that once slipped through will now result in refused payments and potential delays. Corepay expects businesses offering subscriptions, pay-later services, and high-volume checkout flows to feel this most strongly.
Online Platforms Face Liability for Scam Content
A major shift in this agreement is the placement of financial responsibility on online platforms when they ignore fraudulent listings or impersonation schemes. If a platform fails to remove known scam content and a consumer is defrauded, the platform can be held liable to the PSP that reimbursed the customer.
This ties directly into the Digital Services Act’s broader push to force platforms to identify who is advertising financial services and whether they are legally authorized. Many companies that run paid acquisition funnels in the EU may see increased verification steps, slower onboarding for financial ads, and heavier scrutiny of affiliates and partners.
For Corepay merchants with EU traffic, this means advertising compliance will tighten significantly. Partnerships, content platforms, and referral networks will need to demonstrate legitimacy and licensing before they are allowed to run campaign spend.
A New Era of Transparency Around Fees
PSR requires that consumers see the real cost of a payment before it happens. Europe is attempting to eliminate ambiguity around currency conversions, ATM withdrawals, and cross border surcharges. Many European consumers do not understand the various layers of fees attached to international payments or independent ATM operations, and regulators viewed this as a failure of PSD2.
There is a practical commercial impact here. Merchants may need to adjust their checkout disclosures and pricing communication. In particular, businesses that bill customers across multiple currencies will need to make conversion rules clearer. Corepay already emphasizes transparent billing descriptors and straightforward rate structures, so this shift aligns well with our approach.
Open Banking Finally Gets Its Missing Infrastructure
PSD2 was supposed to create a competitive open banking environment, but the lack of uniform access, poor uptime from banks, and widespread use of “soft blocking” slowed adoption. PSR and PSD3 aim to fix this.
The deal includes the following changes:• Banks cannot discriminate against open banking providers or restrict data access.• A standardized list of prohibited obstacles will govern how banks must share data.• Users will receive a permissions dashboard that lets them see who has access to their financial data.• Device manufacturers and digital service providers must permit secure storage and transmission of payment data on fair terms.
In plain terms, this agreement forces Europe to build the open banking environment regulators originally envisioned. This is likely to accelerate bank-to-bank payments, reduce card fee burdens over time, and increase competition for traditional acquirers.
Merchants will benefit from more reliable payments, faster settlement windows, and additional low cost payment methods. In Corepay’s view, this will also expand opportunities for orchestration, routing optimization, and failover paths, all areas where our Netvalve gateway excels.
Strengthened Access to Cash in Rural Regions
While most of the industry is focused on digital payments, the EU has a parallel mission: maintain cash availability throughout the bloc. Retail shops will now be allowed to provide modest cash withdrawals without requiring a purchase. This helps rural areas where ATM density has declined.
This does not directly affect ecommerce or high risk merchants, but it reflects the EU’s long-term philosophy that every innovation must maintain financial inclusion.
A More Predictable Authorization Framework for PSPs
Payment institutions that seek licensing within the EU will face a more standardized process. The earlier PSD2 framework suffered from inconsistent interpretations among member states. PSD3 creates tighter prudential requirements, more detailed budgeting expectations, and harmonized timelines for approvals.
Crypto asset service providers already licensed under MiCA will also receive a streamlined path to authorization for payment services. This expands the potential for crypto-fiat hybrid PSP models operating within mainstream regulations.
Mandatory Alternative Dispute Resolution
The new rules require all PSPs to take part in alternative dispute resolution if a consumer chooses it. This is consistent with the EU’s push for faster dispute cycles and earlier data sharing. Corepay expects this to complement Visa’s CE 3.0 trend, RDR growth, and the global shift toward pre-chargeback remediation.
Corepay’s Perspective: What Merchants Should Prepare For
This agreement signals a broader global movement toward stricter risk governance, greater PSP liability, and faster identification of fraudulent behavior. Merchants operating in or selling to the EU should monitor the following areas:
• Ensuring customer data, names, and identifiers match cleanly during onboarding• Preparing for more aggressive authentication flows• Tightening KYC and KYB practices with advertising partners• Ensuring billing transparency and currency disclosures are fully clear• Verifying that their PSP supports pre-dispute data sharing and modern fraud tools• Planning for increased scrutiny of high risk verticals, recurring billing, and cross border transactions
Corepay supports these reforms and is already aligned with their philosophy. Our gateway and risk stack emphasize strong authentication, intelligent routing, dispute prevention, and predictable billing structures. As the EU finalizes implementation timelines, we will provide guidance to merchants who want to remain compliant while maintaining high approval rates and low reserves.
