A third party provider is an authorised service provider that it’s not part of your relationship with the bank, but may be involved in the online transactions you perform or in the access to your account data.
In regard to open banking and PSD2 compliant third party providers, there are two types: payment initiation service provider (PISP) and account information service provider (AISP).
A payment initiation services provider is a service that can initiate a payment directly from a bank account at the request of an end user. In essence, after the consent by the user is given, a PISP can initiate a bank transfer/payment directly from the user's bank account without the need for card details.
An account information service provider is an online service provider that can access specific information from a user’s bank account, such as balances and transactions. This access is only acquired upon user’s consent, and it is specific to certain groups of information.
A third party payment provider is a service that allows merchants to accept online payments without the need to have a merchant account. These providers are regulated and have their own merchant licence, using it to process payments for online business owner.
PSD2 third party payment providers need to ensure compliance by applying strong customer authentication (SCA) in their payment process flow.
Strong customer authentication is a European regulatory requirement to reduce fraud and make online payments more secure. It was embedded in the PSD2 directive to ensure an higher level of security for customers when making payments.
The application of SCA is done by using two-factor authentication (2FA), where customers need to provide two independent pieces of information to confirm their identity:
After a business registered an account with a third party payment provider, they need to have a payment page setup up on their website/ecommerce shop. Every time a payment needs to be done, it’s processed exclusively through this page.
Even though the customer is purchasing a product from the business and through the business website, the responsibility in regard to the payment belongs to the third party payment provider. It’s his responsibility to ensure that all the requirements are met to guarantee compliance with PSD2 and the customer safety.
All third party providers with activity in Europe need to be registered with their respective national competent authority. Only by doing that, it is possible to acquire an account information services provider (AISP) or payment initiation service provider licence (PISP). If you would like to know which institutions are responsible for issuing AISP and PISP licences in Europe, you can find detailed information here.
A third party provider is an external organisation which interacts with a bank to provide services to consumers.
Open banking third party providers needs to comply with a strict set of regulatory requirements and be licenced by a competent authority before starting to provide services.
There are two different types of third party providers in open banking: payment initiation service provider (PISP) and account information service provider (AISP).
PISPs allow consumers to make online payments without having to request information on card details, with the payments being made straight from the customer bank account.
AISPs access customers bank accounts’ data to provide additional information in regard to transactions.
We frequently share industry news and Nordigen product updates to our closest friends, fintech innovators and industry experts. Sign up to our newsletter to hear more from us.
By providing your email, you accept