PSD2 the first legal framework towards open banking
What is PSD2?
The Revised Directive on Payment Services (Directive (EU) 2015/2366 – a.k.a. PSD2) is an EU legislation:
- effectively fostering the creation of a dynamic Financial Services ecosystem, with special focus on online & mobile payments
- through opening up secure access to account data (XS2A) from the Account Servicing Payment Service Providers (ASPSPs)
- primarily via the use of APIs
- to trusted Third Party Payment Service Providers (TPPs)
- enabling them to build services based on Account Information Service Provider (AISP) and / or Payment Initiation Service Provider (PISP)
- providing more options & flexibility to end users / Account owners
The PSD2 legislation is effective January 13th 2018. On March 13th 2018, the additional milestone for the enforcement of Regulatory Technical Standards (RTS) & Strong Customer Authentication (SCA), was published in the Journal of EU. By September 14th 2019 all banks need to have a developers portal with live APIs.
The key PSD2 stakeholders in action!
Try the PSD2 APIs live, in our Free PSD2 Sandbox, powered by aplonAPI
Compliance Timeline major milestones
1st deadline 13 January 2018
Deadline to Transpose PSD2 in Member States2nd deadline14 March 2019
Deadline for all European banks to have their own Developers Portal3rd deadline14 September 2019
18 months after their publication by the European Commission, the RTS on Strong Customer Authentication and secure and common communications enter into force.
PSD2 Glossary
| Acronym | What it means | Additional Information |
|---|---|---|
| API | Application Programming Interface |
A connector, available to TPPs, making it easier to develop a computer program by providing specific functionalities. In PSD2 the following APIs are available
- Authentication - Payment Initiation - Payment Status - Account Balance |
| AISP | Account Information Service Provider | A TPP, making use of PSD2 APIs only to request information regarding the Account Balance. e.g. to aggregate information across multiple accounts & provide a consolidated view of finances, such as a PFM |
| ASPSP | Account Servicing Payment Service Providers | An organization providing and maintaining Payment Accounts for customers. e.g. Banks & Financial Institutions |
| PISP | Payment Initiation Service Provider | A TPP, making use of PSD2 APIs only to make a payment. E.g. a Treasury Management System used by a corporate to automate outgoing Payments |
| PSD2 | The Revised Directive on Payment Services (Directive (EU) 2015/2366 – a.k.a. PSD2) is an EU legislation | The reason you’re looking at this page! PSD2 creates a major Open Banking paradigm for European Banks & is a template for similar projects across the globe |
| PSU | Payment Service Users | The end users of all the functionality put in place by PSD2. They can be either natural or legal persons & interact with TPPs & ASPSPs |
| RTS | Regulatory Technical Standards | The Regulatory Technical Standards on strong customer authentication and secure communication under PSD2 provide details & guidelines on the implementation of PSD2 |
| SCA | Strong Customer Authentication |
The SCA caters to the increased security needs for the new PSD2 environment. It requires two or more of the following independent elements to be used, for an electronic transaction to happen:
- Knowledge (something only the user knows, e.g. a PIN) - Possesion (something only the user possesses, e.g. key material) - Inherence (something the user is, e.g. fingerprint, voice recognition) |
| TPP | Third Party Payment Service Providers | Payment Institutions, which don’t hold payment accounts for their customers. AISPs & PISPS are specific types of TPPs |
| XS2A | Access to Account data | The provisions for third party secure ‘access to account’ under the PSD2 directive. This is the cornerstone needed to enable Open Banking under PSD2 |
Learn how aplonAPI enables PSD2 compliance in record time for Banks & Financial Institutions
Frequently requested answers
?PSD2 will affect the existing banking business models
- Loss of Fees from Card based transactions
- Loss of Customer “Ownership” & Insights
- Potentially reducing the switching cost & removing the “Barrier of exit” concern for existing customers
?Banks have 4 strategic options when dealing with PSD2
- Focus on compliance only
- Extend their APIs beyond the ones required by PSD2 & monetize their API offerings
- Work with TPPs to create customer centric services & monetize their customer insights
- Embrace & expand the Open Banking ecosystem to create completely new offerings & introduce new revenue streams
?You need an API Management Platform to properly handle the PSD2. This platform must
- Offer the PSD2 APIs & allow you to build additional ones
- Allow granular control of access, including support for SLAs
- Capture & Provide full audit trail for the real time monitoring & reporting of API transactions
- Include a Developer’s portal & sandbox to assist developers in accessing & utilizing the APIs aplonAPI™ by Payment
