Payment services directive frequently asked questions
Below are the answers to PSD2 frequently asked questions.
The first Payment Services Directive (PSD1) was adopted in 2007. PSD1 provides the legal framework for a single market for payments in the EU (European Commission, 2018). The aim was to implement safer and innovative payment services as well as to make cross-border payments easy and efficient (European Commission, 2018).
Since then, the Directive has greatly benefitted the EU economy. It has made it easier for new market entrants and payment institutions to gain access to the market and thus increased competition and choice for consumers (European Commission, 2018). Payments are now easier and quicker in all payment services directive countries.
The second payment services directive (PSD2) was developed to even the playing field and increase cooperation and collaboration between fintechs and traditional banks. PSD2 has three main benefits- increased consumer rights, improved security and permission for third-parties to access payment account information (GoCardless, n.d.).
PSD2 open banking operates under the payment services directive EU regulations. Open banking is a concept which enables secure sharing of financial information, such as consumer banking transactions and other financial data, to third-party service providers. Sharing data is done through the use of application programming interfaces (APIs) and only with the consent of consumers. Open banking is the driver behind both innovation and competition in the financial industry and the payment services directive provides the legal framework for this in the EU.
In simple terms, PSD2 is the revised version of the EU directive implemented to integrate the EU payments market and give control over financial data back to consumers.
EU directives are not directly applicable so PSD2 regulations are adopted by each member state individually and implemented within their laws. Under the new payment services directive, banks and other financial institutions are required to provide APIs for licensed external services providers or third party providers (Bröker, 2018). After these providers obtain their license, they can use the APIs to offer a range of payment and information services (Bröker, 2018). These can range from financial management apps to software that helps e-commerce to facilitate direct PSD2 payments (Bröker, 2018).
Payment service providers rely on qualified certificates for electronic seals. These can be obtained from a Qualified Trusted Service Provider. QSEAL, or Qualified Electronic Seal, certificates are used for identity verification to protect transaction information. QWACs, or Qualified Website Certificates, are used for website authentication to ensure the identities of Account Servicing Payment Service Provider (ASPSPs) and third party providers.
The revised Payment Services Directive, known as PSD2, was introduced in 2016. In order to allow implementation and transition, the transposition deadline in the EU and EEA was two years later on 13 January 2018 (AccountsIQ, 2018).
When did PSD2 come into force?
Due to the amount of technical difficulties and delays, banks, merchants and other fintech institutions were granted an extension for full implementation of the European Union Payment Services Directive to the end of 2020 (AccountsIQ, 2018). Businesses impacted by the Covid-19 restrictions have had their compliance deadlines extended to 14th September 2021 (Raisin, n.d.).
Why was PSD2 created?
The original Directive on Payment Services was introduced to the EU in 2007. The PSD2 Directive was designed to regulate payment services within the EU and EEA to determine which organisations could act as payment providers and ensure fairness to consumers by providing transparency regarding details relating to their payments (AccountsIQ, 2018). Since then, there have been significant changes to how financial transactions are made. Payments have become digital and revisions had to be made to the directive. Changes made to the original Directive were designed to reflect the changes in the financial world.
Yes, PSD2 is mandatory. As of the 13 of January 2018, PSD2 has been legally required in the EU and EEA. PSD2 officially went into effect on September 14, 2019 but due to the amount of technical difficulties and delays, banks, merchants and other institutions were granted an extension for full implementation to the end of 2020 (AccountsIQ, 2018).
There are two ways for businesses to comply with PSD2. Firstly, platforms can apply for a licence to either become an account information PSD2 service provider (AISP) or a payment initiation service provider (PISP). Both types of solutions are known as third-party solutions. They gain access to open banking data securely and with the consent of consumers. AISPs have "read-only" access to a consumer's bank account, whereas PISPs have "read-and-write" access. Businesses can also use other payment service providers, like AISPs or PISPs. This tends to be the preferred method for most businesses since AISPs and PISPs are already authorised and responsible for following the regulations. Therefore, outsourcing these services is quick and easy.
PSD2 allows online payments to be more streamline for consumers, who are able to give permissions for online merchants to access funds directly from their bank accounts using an integrated payment PSD2 API (AccountsIQ, 2018). Those with more than one account are able to access all their financial information and data in one place, using an account information service provider (AISP) (AccountsIQ, 2018). Third party service providers will need to be authorised and comply with the PSD2 regulations. As a result, consumers are more protected. PSD2 leads to better authentication processes and better protection against fraud (AccountsIQ, 2018).
Thanks to PSD2 and AIS, banking transactions that used to be paper-based are now able to be digitalised. Digitalisation benefits consumers by simplifying processes that spare time and effort. For example, consumers no longer have to tediously send and receive account statements, salary slips and other documents needed for credit checks when applying for a loan. Once consent has been granted by the consumer, the lending institute receives all the relevant information from an AISP. This information is already analysed and aggregated. This process empowers consumers to have control over their bank data and allows them to make informed decisions about which third party PSD2 providers can access their data.
Account Information Services (AIS) are able to leverage open banking data in order to improve their customer service as well as consumer satisfaction. AIS can use the enriched data to gain insights into spending behaviours and financial health of their consumers and offer customised services and suggestions that are tailored to specific consumer needs. consumers are again empowered as they can pick and choose between services and decide what’s best for them.
For a long time now, incumbent banks have had a monopoly on payment services. Also, before PSD2, banks have had to authorize payments for account holders (Arrk, n.d.). With PSD2, the playing field has been levelled when it comes to the payment services market. PSD2 means new opportunities have been created for third party service providers to create online payment products (Arrk, n.d.). Also, banks are forced to be transparent when it comes to offering credit or currency exchange rates.
PSD2 applies to institutions operating in payment service directive countries. Payment Services Directive 2 applies to banks and third party service providers. PSD2 requires banks to follow PSD2 api standards. This means they must open their payment infrastructure and consumer data assets to third parties that can then develop payments and information services to consumers (PWC, n.d.).
There are two general types of third party financial service providers- Account Information Service Providers, companies that provide account information services, and Payment Initiation Service Providers, companies that provide payment initiation services. Both were introduced to the regulatory framework when the Payment Services Directive came into force.
PSD2 was adopted in the UK by the Payment Services Regulations.
As PSD2 is a EU driven initiative, there are questions around whether or not the UK will need to comply post-brexit. PSD2 relates to the EEA not just the EU meaning most banks are planning for some form of an EEA relationship with the UK. Also, PSD2 is essential to interact and thrive in EU markets and there is a demand from banking experts to keep up with global PSD2 banking innovation (Exception, n.d.).
PSD2 does not apply to US companies. PSD2 is only enforced by the EU. However, PSD2 has the potential to revolutionise the payments industry so US companies should pay attention (GoCardless, n.d.).
The PSD2 full text can be found here.
AccountsIQ. (2018, January 2). What is PSD2? AccountsIQ.
Arrk. (n.d.). PSD2: Impacts on the Banking and Fintech Industry. Arrk.
Bröker, T. (2018, October 9). What is psd2 and how does it work? Onegini.
Cardinal. (n.d.). What’s new and now: UK extends deadline for SCA compliance. Cardinal.
European Commission. (2018, January 12). Payment Services Directive: frequently asked questions. European Commission.
European Payments Council. (2018, November 30). eIDAS and TPP Identification (PSD2). European Payments Council.
Exception. (n.d.). PSD2 – Brexit, disruption and you. Exception.
GoCardless. (n.d.). What does PSD2 mean for US businesses? GoCardless.
LeaderSSL. (n.d.). QUALIFIED SEAL CERTIFICATES (QSEALCs). LeaderSSL.
Lemonway. (2020, April 27). PSD2 for marketplaces: how does it work? Lemonway.
PWC. (n.d.). PSD2 – a game changing regulation. PWC.
Raisin. (n.d.). PSD2 - Guide. Raisin.
We frequently share industry news and Nordigen product updates to our closest friends, fintech innovators and industry experts. Sign up to our newsletter to hear more from us.
By providing your email, you accept