Tips PSD2 Compliant - Nordigen

Get your business ready: tips on how to be compliant with PSD2

Article by: Antonis Kazoulis, 5 min

What is PSD2 compliance?

PSD2 was set in motion in September 2018, as the newest edition of payments regulation in the European Union. In a single regulatory effort the EU is trying to:

  • Boost innovation and competitiveness in the payments sector
  • Increase security and protect consumer rights

To achieve those goals, PSD2 outlines certain compliance requirements and controls that banks, financial institutions and third-party providers need to comply with.

This page will help you assess how prepared your business is to embrace open banking technology. Then we will give you the tips and steps you need to follow to ensure you won’t overlook any important PSD2 directives and rules.

Compliance is the ability to conform to and follow a given set of rules, regulations, laws, or policies. The reason PSD2 compliance is still challenging to get right is that it touches upon many different areas of the business and overall customer experience.

It’s a policy that is essentially redefining the way businesses should approach and execute payments operations. It’s not one more thing you need to worry about but a signal on where to shift focus if you want your business to make the most of the countless open banking opportunities.


PSD2 readiness quiz

Instructions: Read the questions carefully, note down your answers, and don't peek at the answers before finishing the quiz. Tip: some answers can be found on this page, or on the linked pages within the content. An example of a helpful resource is the Strong Customer Authentication page.

What are regulators trying to achieve by introducing PSD2?

  1. Increase innovation in the payments market
  2. Increased competition between financial institutions
  3. Decrease fraud
  4. All of the above

What are the new expected dates for enforcement on the requirement to perform Strong Customer Authentication (SCA) for e-commerce transactions?

  1. October 14, 2022
  2. April 14, 2022
  3. September 14, 2022  
  4. March 14, 2022

Not all transactions fall in the scope of PSD2. Which transaction type(s) are excluded from the PSD2?

  1. Card on file transactions
  2. Recurring transactions
  3. Credit card transactions
  4. Mail Order/Telephone Order (MOTO) transactions

What amount qualifies for a low-value SCA exemption?

  1. Payments less than 50 Euros
  2. Payments less than 15 Euros
  3. Payments less than 30 Euros
  4. Payments less than 35 Euros

Who approves/disapproves of an SCA exemption?

  1. Merchants
  2. Issuers
  3. Acquirers
  4. Card schemes

After scrolling to the very bottom of the page to check your PSD2 compliance readiness, be sure to scroll back here to see how you can prepare in order to nail the actual, real-life PSD2 test.

We have prepared a “cheat sheet”, if you will, that outlines the most important areas of PSD2 compliance. This checklist clearly outlines how PSD2 affects your business and what you need to do in order to hit all the checkpoints required.


Prepare PSD2 compliance

How to prepare for PSD2 compliance: PSD2-compliance checklist and tips

Here is a handy checklist for you to tick off each step.

For banks and account-holding institutions

  • Set up a Consumer Identity and Access Management (IAM or CIAM) solution
  • Strong Customer Authentication (multifactor and continuous authentication)
  • Enforce Transaction Risk Analysis solutions that comply with the Regulatory Technical Standards (RTS) for PSD2

Create APIs to access transactional payment data that support:

  • Fine-grained access control
  • Real-time access
  • Provide Access to Account (XS2A)

For Third Party Providers

Implement a Consumer Identity and Access Management solution to facilitate:

  • Strong Customer Authentication
  • Know Your Customer (KYC) and identity proofing capabilities

Set up secure applications featuring:

This checklist covers some of the main steps you need to take in order to successfully comply with the PSD2 regulation. Below, you will find an extended explanation of more initiatives you need to consider to bulletproof your compliance approach.

Keep your customers in the loop

Being transparent with your user base is critical in all facets of your business, let alone something as technical and sensitive as banking data. One of the first steps in keeping your customers updated and engaged with changes is making technical language, as well as terms and conditions, simpler to understand.

No more checkout fees on certain verticals

Food, travel ticketing, and delivery websites used to apply a surcharge at checkout. Under PSD2, you are prohibited from adding these charges, and this applies to both B2C and B2B contexts.

Audit your current operations and workflow

Before making any changes to the way your business operates, it’s important to outline your current workflow and operations. Map out your internal operations in order to see how the new compliance regulations are affecting your business. These changes are not patches on an existing structure but a call for change on a much larger scale.


What are PSD2 complaints and how do you deal with them?

PSD2 complaints requirements came into force on 13 January 2018. They introduced a new way to resolve disputes, including amendments to timeframes that promote greater urgency. Moreover, there were further complaint reporting revisions that came into force on 13 July 2018.

Here are the key requirements of the revised complaints documentation:

  • Complaints must be dealt with and responded to in a written manner within 15 business days.
  • In some exceptions, the complaint can be handled in 35 business days, though a customer must be informed about it.

In cases where payment service providers fail to comply with the updated PSD2 complaints regulations or do not fully understand what a PSD2 complaint is, a customer can forward their position to the Financial Ombudsman Service.

This should be done after the 15 business day limit if a complainant has not received any correspondence from the payment service provider. In cases where a customer has confirmation of an accepted complaint, they can refer to the Financial Ombudsman Service 35 days after the confirmation.

Moreover, payment service providers are now obliged to complete a Payment Services Complaint Return (PSCR) on an annual basis.

Still some questions regarding PSD2 concepts and definitions? Have a quick follow up on our dedicated FAQ page.

Quiz answers:

  • Question 1: All of the above
  • Question 2: 14 March 2022
  • Question 3: Recurring transactions
  • Question 4: Payments less than 30 Euros
  • Question 5: Issuers

