PSD2 is the European regulation for electronic payment services. In principle, PSD2 aims to make payments more secure in Europe, as well as boost innovation and support banking services when adapting to new technologies. PSD2 indicates the increasing importance of APIs (Application Programming Interfaces) within the Financial and FinTech sectors.
Read on to learn more about what PSD2 means for your organisation’s online and open banking.
What is PSD2?
The origins of PSD2 can be traced to 2007 and the Payment Service Providers Directive (PSD). The PSD aimed to contribute to the development of a single payment market within the EU. In theory, this promotes innovation, competition and efficiency in the European Union.
In 2013, the European Commission proposed an amendment to the PSD – that’s where the ‘2’ comes in. PSD2 aims to enhance these objectives through improving consumer protection, boosting competition and innovation in the sector, and reinforcing security in the payments market. This is all expected to facilitate the development of new payment and eCommerce methods.
What changes through PSD2?
The most common change from PSD2 is banks opening their payment services to other companies, also known as Third-Party Payment Services Providers (or TPPs).
AIS and PIS
Another change is regulation and harmonisation of Payment Initiation Services (PIS) and Account Information Services (AIS). These services existed before the creation of PSD2, but they have become more popular in recent years.
AIS includes collecting and storing information from a customer’s different bank accounts in a single place. Customers access a global view of their finances as a result of AIS and can easily analyse their expenses. Sysynkt provides this functionality to customers, allowing clear visibility of corporate cards alongside personal cards if connected.
On the other hand, PIS providers use online banking to make payments online. They initiate payments from consumer accounts to merchant accounts by creating an interface bridge between them. This bridge carries the information required for the bank transfer (transaction cost, account number, and associated message) and informs the store of the transaction. PSD2 also allows clients to make payments to a third party from a bank’s app.
The other change from PSD2 is the introduction of new security requirements, also known as Strong Customer Authentication (SCA). This is slightly different from traditional two-factor authentication (or 2FA), as it also includes a stricter definition of what counts as an authentication factor.
In practice, this could lead to customers seeing changes in the way they authorise their purchases. This primarily applies to the authentication factors they use, with reinforced authentication becoming the default.
How is the new regulation applied?
In terms of security, banks have updated the authentication elements they provide customers. For example, requests for details on the back of cards are replaced with text messages.
Furthermore, banks have developed systems and processes which allow them to make use of the exceptions permitted by SCA regulations for ‘low-risk’ transactions.
In terms of third-party access, PSD2 is not explicit about how it should be applied. However, most FinTech professionals presume that APIs serve as the technical medium which allows banks to comply with regulatory requirements. In any case, PSD2 makes it possible for consumers to authorise a third party to add financial information and make payments through their bank account on their behalf.