PSD2 is the second Payment Service Directive, designed and used by countries of the European Union and the European Economic Area with the aim of modernizing payment services throughout Europe. PSD2 transforms the banking industry by requiring existing account-holding financial institutions, such as traditional banks, to grant access to customer payment and account information to new emerging players known as third-party payment service providers. This exchange of data boosts competition in the market, encourages institutions to create innovative services, and delivers more and better choices for consumers. PSD2 separates financial institutions, financial technology companies, and other entities that can be third-party payment service providers into two distinct categories, explained below.
Account Information Service Providers, also known as AISPs, are third-party providers that can connect to and access a consumer's payment account information so that the consumer can view or aggregate their account details and information from an account-holding financial institution for purposes such as managing their budgets, applying for mortgages and loans, and comparing prices.
Payment Initiation Service Providers, also known as PISPs, are third-party providers that can initiate online payments from a customer's account at their request. In other words, PISPs allow a consumer to make transactions from one or more of their accounts held by different financial institutions.
While allowing access to consumers' account data, PSD2 also requires companies that undertake payment initiation services or account information services via an online platform or mobile application on behalf of the consumer to ensure the security of their consumers' sensitive payment information. It also requires that entities providing one or both of these payment services are able to meet the liabilities to customers and banks that result from the provision of their services. To cover potential liabilities, PSD2 requires AISPs and PISPs to hold Professional Indemnity Insurance, also known as PII. The European Banking Authority issues guidance on what the PII must address to be suitable for third-party providers. Under PSD2, PISPs must cover liabilities arising from unauthorized payment transactions and from non-execution, defective execution, or late execution of payment transactions. PSD2 also requires AISPs to hold insurance that covers any liabilities resulting from unauthorized or fraudulent access to, or unauthorized or fraudulent use of, a customer's payment account information.
To ensure that the level of cover or guarantee put in place is appropriate, the European Banking Authority provides a formula for calculating the minimum monetary amount of the PII. This minimum monetary amount is based on the number of payment transactions authorized or payment accounts accessed, the range of business activities undertaken, and the number of clients or amount of transactions in a given period. Professional indemnity PSD2 insurance is crucial for PISPs and AISPs because it protects third-party providers against claims for alleged negligence or breach of duty arising from an act, error, or omission in the performance of their services, and helps achieve better compliance with the requirements of PSD2. However, the PSD2 professional indemnity insurance does not cover liability towards a third party who has suffered loss or expenses resulting from a cyber-attack or theft. AISPs and PISPs should therefore also consider a broader insurance program combined with the PII coverage required under PSD2.