what is PSD2 and how does it work?
The European Union’s Revised Payment Services Directive (PSD2), was designed to push the financial services market in Europe in a safe and secure way by amending the ground rules for financial services providers. The directive requires all EU member states to include these new rules in their national laws and regulations.
How does PSD2 work?
Under PSD2, banks and other account-holding institutions in the EU are required to provide APIs for licensed external services providers (so-called Third-Party Providers, or TPPs). After obtaining their licence, these TPPs can use the APIs to offer a range of payment and information services; from consumer apps that provide a one-stop overview of all your different bank accounts, to software that helps e-commerce websites facilitate direct payments.
Who can become a TPP?
The directive distinguishes between two types of TPPs: Account Information Service Providers (AISPs), which provide account information services, and Payment Initiation Service Providers (PISPs), which initiate payments. Different licences are issued to reflect the nature of the activity. Businesses can also obtain a TPP license, so that payment and information services can be taken in-house. Potential TPPs und PSD2 include:
- Fintech companies
- Big tech companies
- Insurance companies
What does PSD2 mean?
PSD2 has opened up interesting opportunities for businesses: Integrated payment and information services (whether in-house or provided by an external TPP) improve the customer experience and provide access to a wealth of customer information and insights.
At the same time, PSD2 has brought a number of technical challenges for banks and TPPs. In most cases, IT infrastructure needed to be changed to facilitate TPP access. PSD2 also introduced strict security and authentication requirements that needed to be implemented across all access points. You can read all about making sure you are PSD2 compliant in our in-depth article.
PSD2 has presented unique opportunities and challenges depending on your business situation. We outline the implications of PSD2 for Third Party Providers and for insurance companies in two dedicated articles.
PSD2 was created to promote a more integrated and competitive financial services market in the EU while protecting and strengthening consumer rights. Traditionally, financial and payment services were mostly offered by banks and related institutions, leading to a relatively closed market. This directive has opened the market, allowing easier access for existing businesses as well as fintech companies who can provide agile, innovative payment services for consumers and businesses alike.
How did PSD2 come about?
The directive is nicknamed PSD2 because it is a follow-up of the original Payment Services Directive of 2007. It came into effect in January 2018, and all companies were required to become compliant with the national laws and regulations pertaining to PSD2 by September 2019. The original PSD provided a legal foundation to improve the ease, efficiency and security of cross-border payments within the EU. It was instrumental to the implementation of the Single European Payments Area (SEPA), lowered the barrier to entry for payment institutions, and offered consumers increased freedom of choice in the payment solutions they wished to use.
In 2013, the European Commission proposed a review of PSD due to innovations in the payment services market, which were unaccounted for in the existing regulations. The Commission also noted that the rules from the original directive tended to be applied differently across member states. PSD2 provides updated ground rules for new players on the payment services market while also updating the definitions of the regulations set out in PSD to smooth out any differences between the member states.
How does PSD2 work in OneWelcome's Cloud Identity Platform?
OneWelcome's Cloud Identity Platform is a flexible, white-label Customer Identity and Access Management (CIAM) solution with strong authentication and security features. On top of that, the platform facilitates a seamless customer experience. TPPs and insurance providers can use OneWelcome to implement banking-grade, PSD2-compliant security while offering customers the frictionless user experience they are looking for. That way, OneWelcome gives businesses a competitive advantage while ensuring that their technology is PSD2- and GDPR-compliant at all times.