Menu

Payment services directive 2 (PSD2) 101 - the future of cross border online payment

Friday, 08 Apr, 2022

Nowadays, one of the most recent financial measures launched by the European Union and the United Kingdom governments is particularly significant. That is known as the European Union's Second Payment Services Directive (PSD2). PSD2 was introduced at the start of 2018 to boost transaction speeds and address financial security concerns. The PSD2 according to many public authorities and financial professionals, is the next step toward more customer-oriented banking and financial services. Payment Services Directive 2 (PSD2) aims to make European payments more secure, promote innovation, and assist banking services in adapting to new technology.
Let’s keep reading to learn more about PSD2.

1. What is the Second Payment Services Directive (PSD2)?

The Second Payment Services Directive (PSD2) is a key component of European payments legislation that went into effect in January 2016. PSD2 is the result of a review of the original Payment Services Directive, and it mandates that payment service providers (PSPs) make significant modifications to their current operations. Except for some criteria around strong customer authentication and secure communication, which will be implemented on a different timeline, the Directive demands that all Member States implement these PSD2 regulations as national legislation by 13 January 2018.

The Second Payment Services Directive (PSD2)

The Second Payment Services Directive (PSD2)

KEY TAKEAWAYS:

  • It all started in 2007 with the Payment Service Providers Directive (PSD), which aimed to encourage innovation, competition, and efficiency in the European Union by contributing to the establishment of a single payment market.
  • In 2013, the European Commission recommended an amendment (which is where the two in PSD2 came from) to improve these goals. PSD2 is a significant evolution of existing regulations for the payments industry. PSD2 aims to promote consumer protection, increase competition and innovation in the payments market, and strengthen security, all of which are likely to aid the growth of new payment methods and eCommerce.
  • On 8 October 2015, the European Parliament approved the European Commission's proposal to create safer and more innovative European payment accounts (PSD2, Directive (EU) 2015/2366).
  • On November 16, 2015, the Council of the European Union adopted PSD2.
  • On 11/27/2017, Government Authorization Regulation (EU) 2018/389 added PSD2 regarding standard engineering procedures for defining customer strength and standard interfaces continued. variable expansion and safety.
  • PSD2 came into full effect on September 14, 2019, but due to a delay in implementation, the European Banking Authority has allowed a strong customer identification (SCA) deadline to December 31, 2020.
  • PSD2 reinforces data protection during online payment processing for European businesses and consumers

PSD2 ‘s Stages- payment services directive 2 summary

PSD2 ‘s Stages- payment services directive 2 summary

2. What is the significance of the PSD2 directive?

2.1. How important are PSD2 compliance requirements?

PSD2 is a significant step in creating a Digital Single Market in Europe, to modernize the EU's single market. The new requirements will also ensure that all PSPs (Payment Services Providers) operating in the EU are regulated and supervised. A wide range of stakeholders, including banks, other PSPs, FinTechs, and clients, will be affected.

2.2. What does PSD2 impact?

PSD2 will establish a single legal framework for businesses and consumers making and receiving payments both within and outside the European Economic Area (EEA), which includes the 28 European Union Member States as well as Norway, Iceland, and Liechtenstein.

Customers have the right to utilize Payment Initiation Service Providers (PISPs) and Account

Information Service Providers (AISPs) where their payment account is available online and they have given their explicit agreement, according to the PSD2 language. These shifts reflect an increase in e-commerce activity and the usage of internet and mobile payments, as well as new technology breakthroughs and a tendency toward clients having numerous account providers. This will make online and mobile payments more convenient, as well as allow customers to better manage their accounts and compare deals.

Other significant improvements brought about by PSD2 can be divided into four themes: market efficiency and integration, consumer protection, competition, choice, and security. The following are some more specific changes:

  • The scope of the project has been expanded to include all currencies and one-leg payment transactions.
  • Modifications to the exclusions' scope.
  • Payment institution passport, authorization rules, and oversight.
  • Consumer protection is important.
  • New payment services and new providers.
  • Management of operational and security risks, as well as incident reporting.
  • Strong customer authentication and secure communication requirements.

PSD2’s impact - a big change for convenient PSD2 solutions

PSD2’s impact - a big change for convenient PSD2 solutions

3. What is PSD2 regulation?

Some background information about the European Union's updated Second Payment Services Directive (PSD2):

The content of the Payment Services Directive (PSD2) of the European Union (European Union - EU) as changed into law in their various countries was concretized on January 13, 2018. PSD2 was updated to widen its scope, assign new responsibilities, and create new commercial opportunities. PSD2 aims to boost consumer protection, foster innovation, and improve the safety and security of payment services in the European Union. It was adopted by the European Parliament in October 2015 and the European Council of Ministers in November 2015. (EU). On December 23, 2015, the new directive was released and went into effect on January 13, 2016.

The updated Second Payment Services Directive's main text includes the following:

  • Firstly, the PSD2 must broaden the area of transactions covered: The Amendment Directive's scope of transactions has been expanded to include transactions in any currency and transactions in which the recipient or recipient sends money beyond the EU.
  • Secondly, Payment Service Providers (PSPs) are required to adhere to tougher guidelines. Every time a payer accesses a customer's identification, accesses your online payment account, performs an electronic payment transaction remotely, or does any other action through remote channels, you must know your customer (KYC) so Strong Customer Authentication(SCA) is required under the second payment services directive: SCA is a process in which cardholders are required to take extra steps during the payment process for purchases made online or when a card is not physically inserted into a Point of Sale machine by using at least two of the following three methods: something the customer knows (such as a password or PIN), something the customer has (such as a phone or hardware token), or something the customer is (such as a phone or hardware token) (such as a fingerprint). This is referred to as two-factor authentication.

PSD2’s regulation- PSD2 compliance, PSD2 security requirements, and PSD2
    authentication

PSD2’s regulation- PSD2 compliance, PSD2 security requirements, and PSD2 authentication

  • Thirdly, the PSD2 helps internal conflict resolution: Establish and implement appropriate and effective complaint resolution methods, as well as a maximum processing time for customer complaint resolution.
  • Fourthly, the PSD2 controls payment origination service providers (PISPs) and the formation of payment orders: as a result, payment service providers registered in the EU are required to provide secure methods of communication, notify PIPS of payment commencement, and handle all payment orders similarly. The math has been set up.
  • Fifthly, account information services: A third-party provider that provides account information aggregation services must be provided access to a payment service user's account. PSD2 governs the roles and responsibilities of account information service providers, as well as the roles and responsibilities of payment service providers.

In addition, the revised Second Payment Services Directive includes a number of other things, such as (i) Replacement of lost or stolen payment instruments at an apportionable cost; (ii) Minimize liability for the payer in case of unauthorized transactions, and (iii) Extend the registration period when joining PSP.

"Account Access" is one of the highlights of the new Payment Services Directive (XS2A). According to research conducted in the European financial industry, most financial institutions (FIs) regard the "account access" provision of the revised Second Payment Services Directive as the most important provision in terms of implementation and operation, impact on technical systems, and risk mitigation strategies. Giving Market makers and players access to payer accounts for Payment Initiation Service Provider (PISPs) and Account Information Service Providers (AISPs) allows them to improve, expand, or even restructure existing products and services.

4. How does the PSD2 work?

PSD2 requires EU banks and other account-holding institutions to give APIs to licensed third-party service providers (so-called Third-Party Providers, or TPPs). Following the receipt of their license, these TPPs can utilize the APIs to deliver a variety of payment and information services, ranging from consumer apps that provide a single point of access to all of your numerous bank accounts to software that helps e-commerce websites accept direct payments.

5. Which are the types of PSD2 services?

PSD2 regulates and harmonizes two types of services that were already in use when the PSD1 was implemented in 2007, but have grown in popularity in recent years: Payment Initiation Services (PIS) on the one hand, and Account Information Services (AIS) on the other hand.

5.1. Account Information Services (AIS)

Account Information Services (AIS) are the collection and storing of data from a customer's many bank accounts in a single location, allowing users to get a comprehensive picture of their financial condition and readily analyze their expenses and financial demands.

Account Information Service (AIS) - one of PSD2 services

Account Information Service (AIS) - one of PSD2 services

5.2 Payment Initiation Services (PIS)

Payment Initiation Services (PIS) make it easier to use online banking to make payments. These services assist in initiating a payment from a consumer's account to a merchant's account by providing an interface to connect the two accounts, filling in the necessary information for a bank transfer (transaction amount, account number, message), and telling the shop of the transaction. PSD2 also enables customers to pay a third party through a bank's app using any of their accounts (whether they belong to this entity or not).

Payment Initiation Service (PIS) - one of PSD2 payment services

Payment Initiation Service (PIS) - one of PSD2 payment services

TPPs (Third Party Providers) have so far experienced a number of roadblocks that have stopped them from providing large-scale solutions in the European Union's various countries. Due to the introduction of new players and the provision of these services by existing actors, the removal of these obstacles is projected to result in increased competition. TPPs will be required to follow the same laws as traditional payment service providers, including registration, authorization, and oversight by responsible authorities.

The inclusion of new security criteria, known as Strong Customer Authentication, is another important change in PSD2 (SCA). This entails the use of two PSD2 authentication factors for previously unrequired bank operations, such as payments and account access via the internet or mobile apps, as well as a stricter definition of what constitutes an authentication element.

Customers will notice changes in the way they authorize purchases online, primarily in the authentication factors they use, with reinforced authentication being the default level of security, and the written information on the card (card number, expiration date, and CVV) will no longer be a valid factor for authentication.

6. PayCEC payment gateway adheres to the Second Payment Services Directive (PSD2)

At PayCEC, we are a global 3d payment gateway provider, specializing in online card payments. We comply with Strong Customer Authentication(SCA), which is referred to as two-factor authentication required under the Second Payment Services Directive (PSD2). SCA is a process in which cardholders are required to take additional steps during the payment process for purchases made online or when a card is not physically inserted into a Point of Sale machine by using at least two of the three methods: something the customer knows (such as a password or PIN), something the customer has (such as a phone or hardware token), or something the customer is (such as a phone or hardware token) (such as a fingerprint).

We have developed our payment API that helps merchants and buyers have the best service and protect them from scams.

Merchants can set up their online store in a blink of an eye and start to receive online card payments from customers with the PayCEC payment gateway. You can follow the below steps to install your payment platform:

Enter Information

Enter Information

Sign up with PayCEC team by click to button below

Sign Up

Enter Information

Document Submission

Prepare your company profile including:

  • Company website
  • Business information
  • Business activities
Integration Support

Integration Support

Our Relationship Manager will contact you and support you in processing and integrate your merchant account

GO LIVE

GO LIVE

Use fully features of our payment service on Dashboard

Read more:

About us

PayCEC was established in response to the growing need for businesses to accept online payments more quickly and easily. In the new media era, our payment flow has evolved to work seamlessly and effectively across all platforms and devices. We pride ourselves on combining superior technology with first-class customer service.

PayCEC is a truly global payments platform that not only allows customers to get paid but also withdraws funds to their Business accounts in various currencies.

We have created an open and secure payments ecosystem where people and businesses choose to securely transact with each other online and on mobile devices.

PayCEC Team

Frequently Asked Questions

According to the PSD2 principle, Customer authentication is required for all electronic payment methods across the EU and other member countries. Since the full enforcement of PSD2, all merchants inside the EEA should be SCA ready.

Local payment options and mobile wallets, in addition to 3D Secure, can help you meet SCA standards. In particular markets and use cases, these have the extra benefit of raising conversion rates.

The Payment Services Directive scope applies to the payment industry in the European Union. This means that all members of the EU need to apply PSD2 compliance in their payment transactions.

PSD2 expands a number of duties, including information obligations, to payments to and from third countries where one of the payment service providers is headquartered in the European Union. PSD1 only applies to intra-EU payments.

The expansion of the scope has mainly affected EU-based banks and other payment service providers. In reality, this means that, at least for their portion of the transaction, these financial services providers must give information and transparency on the prices and conditions of these international payments. They may also be held responsible for their part of the payment transaction if something goes wrong that is attributable to them.

Furthermore, the scope expansion will have the effect of applying the same regulations to payments made in a currency that is not denominated in Euro or another Member State's currency.

PSD2 expands the scope of PSD1 by allowing access to payment accounts for new services and players, as well as existing services (payment instruments issued by payment service providers who do not administer the account of the online payment user).

The EU Payment Services Directive (PSD 1) is a European Union directive that governs payment services. PSD1 (2007/64/EC) is intended to assist in the development of the Single Euro Payments Area (SEPA), as well as to establish common standards for terms and conditions, regulate payment institutions (to encourage non-banks to join the industry), improve consumer protection and transparency, and set maximum processing times for payments in euro and other EU currencies.

The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366, which replaced the Payment Services Directive (PSD), Directive 2007/64/EC) is an EU Directive that governs payment systems and service providers within the European Union (EU) and the European Economic Area (EEA) (EEA).

PSD2 is an EU directive that establishes criteria for payment service providers. It will affect banks and building societies, payment institutions, e-money institutions, and their clients.

The PSD2 was designed to promote pan-European competition and non-bank engagement in the payments business, as well as to assure equality by standardizing consumer, payment provider, and user rights and obligations. The PSD2 directive's main goals are to make the European payments market more interconnected, as well as to strengthen payment security and consumer protection.

According to the PSD2 principle, Customer authentication is required for all electronic payment methods across the EU and other member countries. Since the full enforcement of PSD2, all merchants inside the EEA should be SCA-ready.

Local payment options and mobile wallets, in addition to 3D Secure, can help you meet SCA standards. In particular markets and use cases, these have the extra benefit of raising conversion rates.

The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366, which replaced the Payment Services Directive (PSD), Directive 2007/64/EC) is an EU Directive that regulates payment systems and payment service providers throughout the European Union (EU) and European Economic Area (EEA).

The PSD's goal was to encourage pan-European competition and non-bank participation in the payments industry, as well as to ensure equality by standardizing protection for consumers and payment providers' and users' rights and obligations. The PSD2 directive's main goals are to create a more integrated European payments market, improve payment security, and consumer protection.

PSD2 aims to set out a common legal framework that affects businesses and consumers when making and receiving payments within the European Economic Area (EEA) – which comprises the 28 European Union Member States plus Norway, Iceland and Liechtenstein – and outside the EEA as well as financial institutions and banks and third party payment service providers.

PSD2 regulates and harmonizes two types of services that were already in use when the first PSD was implemented in 2007, but have grown in popularity in recent years: Payment Initiation Services (PIS) on the one hand, and Account Information Services (AIS) on the other.

  • Account Information Services (AIS) are the acquisition and storing of data from a customer's various bank accounts in a single location, allowing users to get a comprehensive overview of their financial condition and readily analyze their spending and financial demands.
  • Payment Initiation Services (PIS) is the use of online banking to make payments. These services assist in initiating a payment from a consumer's account to a merchant's account by providing an interface to connect the two accounts, filling in the necessary information for a bank transfer (transaction amount, account number, message), and notifying the store of the transaction. PSD2 also enables customers to pay a third party through a bank's app using any of their accounts (whether they belong to this entity or not).

It's a common misconception that if you want to provide payment services to clients, you need your own license. In fact, you can use another company's license to become a PSD agent or an EMD agent, which means you can work for a permitted E-money or Payment institution.

When you work as an EMD or EMI (Electronic Money Institution) agent, you are essentially providing payment and e-money services on behalf of a licensed electronic money institution (as defined in the E-money Directive 2, EMD2). You effectively have a sublicence based on the licensed company's authorization.

A PSD or PI (Payment Institution) agent is nearly similar, with the exception that the Payment Services Directive 2 defines an authorized payment institution (PSD2). Again, you have a sub license to deliver these services on the back of another party who is completely authorized to do so.

After Brexit, the UK still follows the majority of the PSD2 legislation and guidelines, with a few minor changes. It will almost certainly be subject to European legislation, particularly in terms of privacy and data protection. This is true not only for the United Kingdom, but for many other non-EU countries as well. The EU standards for applying technical components of PSD2 were broadened as "Open Banking" standards specifically to make it easier for the UK and other nations or territories to adopt them.

The European Parliament adopted the European Commission's proposal to make European payments safer and more innovative (PSD2, Directive (EU) 2015/2366) on October 8, 2015. The present guidelines are intended to better protect consumers when making online payments, promote the development and usage of new online and mobile payments, such as open banking, and make cross-border European payment services safer.

Users who have an online banking account can now make payments or see their bank statements using software produced by licensed third parties under the new Payment Services Directive (PSD2) (PISP and AISP).

What is the impact?

  • Banks

To comply with regulatory requirements, European banks must disclose their data and infrastructure. Despite the fact that PSD2's stated focus is on payments and account access, its effects go much beyond that.

Banks could take an ecosystem or platform strategy by integrating third-party capabilities into their core business products through APIs, resulting in new revenue models and income streams. Banks might work with other infrastructure providers, corporations, and FinTechs to reduce the cost and time it takes to bring new products to market.

While most banks' initial focus for PSD2 was on retail banking, strong competitors are already using open APIs in transaction banking and investment services to provide superior customer experience, knowledge, and value to corporate and retail customers, while also extracting bank-wide efficiencies.

  • Payment Companies

PSD2 will promote open access to payment systems and accounts, hence increasing competition in the payments sector.

Although PSD2 may be seen as a threat to payment processing firms with its traditional business models, there is potential to provide integration services into third-party networks and apps, as well as merchant point-of-sale systems.

PSD2 may have an impact on credit card firms' and card divisions of banks as retailers and other businesses transition to open APIs instead of card processing. Visa and Mastercard have launched new innovation efforts aimed at generating new revenue streams and services.

  • Other Ecosystem Participants

Because of the "Third Party Access" rules, PSD2 will not only produce new PSPs, but also new competitors. PSD's Open Banking rules allow non-banks, corporations (such as Amazon), and FinTech enterprises to acquire direct access to consumer bank accounts in order to conduct payments and/or obtain customer data. According to one UK retail bank, if the ten largest retailers become PSPs, they might lose £20 million per year in revenue.

  • End users

Users are embracing new technology from the standpoint of the end user; the amount of online and mobile payments has expanded dramatically, and customers will be able to make rapid payments via mobile wallets on various p2p accounts and toward operators with complex capabilities.

Greater cost transparency and charge protection, as well as reduced liability for customers who make fraudulent payments, will improve consumer protection.

PayCEC is a global payment service provider. We operate our services across continents and we comply with all international and local regulations in payment activities. PayCEC meets the PCI DSS compliance requirements to help protect customer datas on the internet environment and merchants from fraudulence and chargeback issues.

PayCEC provides payment services for European merchants as well as consumers, therefore, we also adopted PSD2 practice to enhance 3D-secure which is the common agreement between payment and financial members in the European Commission.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements for any business that handles, processes, or stores branded credit cards from the major card schemes.

PCI DSS is maintained by the Payment Card Industry Security Standards Council, a group created in 2004 after MasterCard, Visa, Discover, JCB, and American Express collaborated to create a universal platform to prevent fraud whenever credit card information is being transmitted.

It depends on the decision of each European Union Member State who is responsible for appointing a National Competent Authority in charge of issuing and monitoring account information service provider (AISP) licenses. 

PSD2 is implemented in the United Kingdom by the Financial Conduct Authority (FCA), which regulates financial firms and markets in the country. The FCA is in charge of determining which third-party providers (TPPs) can be licensed or registered, as well as monitoring TPPs' PSD2 reporting duties. The FCA also handles all complaints directed at a third-party source.

National Competent Authorities:

  • AT - Austria - Austrian Financial Market Authority
  • BE - Belgium - National Bank of Belgium
  • BG - Bulgaria - Bulgarian National Bank
  • CY - Cyprus - Central Bank of Cyprus
  • CZ - Czech Republic - Czech National Bank
  • DE - Germany - Federal Financial Supervisory Authority
  • DK - Denmark - Danish Financial Supervisory Authority
  • EE - Estonia - Estonian Financial Supervision Authority
  • ES - Spain - Bank of Spain
  • FI - Finland - Finnish Financial Supervisory Authority
  • FR - France - Prudential Supervisory and Resolution Authority
  • GR - Greece - Bank of Greece
  • HR - Croatia - Croatian National Bank
  • HU - Hungary - Central Bank of Hungary
  • IE - Ireland - Central Bank of Ireland
  • IS - Iceland - Central Bank of Iceland
  • IT - Italy - Bank of Italy
  • LI - Liechtenstein - Financial Market Authority Liechtenstein
  • LT - Lithuania - Bank of Lithuania
  • LU - Luxembourg - Commission for the Supervision of Financial Sector
  • LV - Latvia - Financial and Capital Market Commission
  • MT - Malta - Malta Financial Services Authority
  • NL - Netherlands - The Netherlands Bank
  • NO - Norway - The Financial Authority of Norway
  • PL - Poland - Polish Financial Supervision Authority
  • PT - Portugal - Bank of Portugal
  • RO - Romania - National Bank of Romania
  • SE - Sweden - Swedish Financial Supervisory Authority
  • SI - Slovenia - Bank of Slovenia
  • SK - Slovakia - National Bank of Slovakia

The scope of PSD2:

PSD2 expands the scope of PSD1 by allowing access to payment accounts for new services and players, as well as existing services (payment instruments issued by payment service providers who do not administer the account of the online payment user).

PSD2 is the replacement to the EU's first Payment Services Directive (PSD), which was implemented in 2007. To foster the development of safer, more innovative payment systems, this Act established an EU single market for payments. The PSD authors also wanted to make cross-border payments within the EU as simple, efficient, and secure as transfers within a single member state.

PSD2 improves on earlier regulations in the three categories in below details:

  • Customer rights have been strengthened in areas such as complaint management, paying fees, and currency conversion.
  • SCA (Strong Customer Authentication) criteria improve security.
  • Providing a platform for new payment and account services by allowing third-party access to account information.

PSD2 entered into effect on September 14, 2019, however the European Banking Authority extended the strong customer authentication (SCA) deadline until December 31, 2020, due to delays in implementation.

The Media

Finextra One IBC Yahoo Finance
About us

who we are

about us

We are honored to serve as your reliable business partner and financial service provider in the industry and other business-related services. With the help of our professional staff, to help merchants to achieve their goals for the development and expansion of the international business market.

Our payment flow has developed in the e-commerce world to perform seamlessly and effectively across all platforms and devices. We take pleasure in combining technology with customer service, to solve your concerns at the moment.

PayCEC is a fully worldwide payment network that not only allows merchants to be paid immediately and securely, but also allows them to withdraw money in multiple currencies to their company accounts.

We will contact you shortly.

Email Phone
Scroll top