PSD2 TPP (Third party provider)

 

PSD2 TPP definition

A third party provider is an authorised service provider that it’s not part of your relationship with the bank, but may be involved in the online transactions you perform or in the access to your account data.

Who are the PSD2 third party providers

In regard to open banking and PSD2 compliant third party providers, there are two types: payment initiation service provider (PISP) and account information service provider (AISP).

Payment initiation service provider

A payment initiation services provider is a service that can initiate a payment directly from a bank account at the request of an end user. In essence, after the consent by the user is given, a PISP can initiate a bank transfer/payment directly from the user's bank account without the need for card details.

Account information service provider

An account information service provider is an online service provider that can access specific information from a user’s bank account, such as balances and transactions. This access is only acquired upon user’s consent, and it is specific to certain groups of information.

PSD2 third party payment providers

A third party payment provider is a service that allows merchants to accept online payments without the need to have a merchant account. These providers are regulated and have their own merchant licence, using it to process payments for online business owner.

PSD2 third party payment providers need to ensure compliance by applying strong customer authentication (SCA) in their payment process flow.

What is strong customer authentication

Strong customer authentication is a European regulatory requirement to reduce fraud and make online payments more secure. It was embedded in the PSD2 directive to ensure an higher level of security for customers when making payments.

The application of SCA is done by using two-factor authentication (2FA), where customers need to provide two independent pieces of information to confirm their identity:

  • Something they own (e.g., smartphone)
  • Something they know (e.g., PIN code)
  • Something they are (e.g., fingerprint)

Third party payment providers responsibilities

After a business registered an account with a third party payment provider, they need to have a payment page setup up on their website/ecommerce shop. Every time a payment needs to be done, it’s processed exclusively through this page.

Even though the customer is purchasing a product from the business and through the business website, the responsibility in regard to the payment belongs to the third party payment provider. It’s his responsibility to ensure that all the requirements are met to guarantee compliance with PSD2 and the customer safety.

Some third party providers you should know about

  • Nordigen — aggregates regulated bank APIs with major European banks in a single API. One can access account holder name, bank account number and historic transactions with their consent, for free.
  • Afterbanks — their technology is a key piece in scoring and account ownership verification processes for real time loans. They also process payments by creating a single, standardized interface for all PSD2 APIs in Europe.
  • Neonomics — aggregates open banking APIs and provides these to other services along with compliance services. Ensuring that usage of open banking services are more available, while at the same time ensuring that the service is compliant and secure in regard to law and consumer policies.
  • Token.io — allows banks and other players in the payments' ecosystem, such as merchants and payment processors, to build bank direct payment methods and data aggregation solutions for their customers. The platform aims to raise security and reduce fraud and disintermediation. Unlike in-house developed solutions, Token supports the same API across all banks.
  • Saltedge — Aggregate users’ bank accounts with their consent and get balances, transaction data and verify their identity. Initiate payments and transfers from users’ accounts across Europe.
  • Tink — their open banking platform enables banks, fintechs, and startups across Europe to develop data-driven financial services. Through one API, Tink allows customers to access aggregated financial data, initiate payments, enrich transactions and build personal finance management tools.
  • Truelayer — enables companies to capitalise on new Open Banking initiatives in the UK, and the broader, European wide PSD2 rules by providing secure, clear and simple access to banking infrastructure.
  • Budget Insight — provide APIs to access accounts on more than 300 European banks and 200 invoice providers.
  • Bud Financial — brings together data from multiple banks via its proprietary aggregation technology. Bud’s machine learning capability uses lines of transactional data to understand users and to help highlight where they spend, how they can save and which financial services might be relevant for a user via the marketplace.
  • Plaid — is a data network powering the fintech tools that consumers have come to rely on to live healthier financial lives.

All third party providers with activity in Europe need to be registered with their respective national competent authority. Only by doing that, it is possible to acquire an account information services provider (AISP) or payment initiation service provider licence (PISP). If you would like to know which institutions are responsible for issuing AISP and PISP licences in Europe, you can find detailed information here.

PSD2 Third party provider FAQ

  1. What is a third party provider?

A third party provider is an external organisation which interacts with a bank to provide services to consumers.

  1. Are third party providers safe?

Open banking third party providers needs to comply with a strict set of regulatory requirements and be licenced by a competent authority before starting to provide services.

  1. What can a third party provider do?

There are two different types of third party providers in open banking: payment initiation service provider (PISP) and account information service provider (AISP).

  1. What is an account information services provider?

PISPs allow consumers to make online payments without having to request information on card details, with the payments being made straight from the customer bank account.

  1. What is a payment initiation services provider?

AISPs access customers bank accounts’ data to provide additional information in regard to transactions.

Get started now!

No trial period. No credit card. Free forever.

Join our Newsletter

We frequently share industry news and Nordigen product updates to our closest friends, fintech innovators and industry experts. Sign up to our newsletter to hear more from us.

By providing your email, you accept
Nordigen's Privacy Policy.