products
solutions
Customer Identity
customer identity
Create secure, frictionless, and compliant access for customers
B2B Identity
B2B identity
Connect and protect your business-to-business ecosystem
Gig Workers Identity
gig workers identity
Enable simple, secure access for your gig workers, contractors, seasonal staff and guest users
customers
Customers - Gradient
our customers
OneWelcome is trusted by a wide variety of enterprises in dynamic and highly regulated industries
Customer Reference Program - Gradient 2
customer reference program
Gain recognition for sharing your unique success story
company
About Us
about us
We provide simple and secure access to online services
Leadership
leadership
We’re committed to becoming the preferred identity vendor
Certifications and Standards
certifications and standards
We are endorsed with industry-acclaimed certifications
News
news
Get our latest news, stories, and market insights
Events
events
Find all our upcoming events and webinars and prepare for success
Careers
careers
Check out our open positions and join our talented team
Partners
partners
Enable smooth and secure identity journeys as a reliable partner
Contact
contact
Get in touch and keep your identity journey moving forward
resources
contact
get a quote get a quote
products
solutions
Customer Identity
customer identity
Create secure, frictionless, and compliant access for customers
B2B Identity
B2B identity
Connect and protect your business-to-business ecosystem
Gig Workers Identity
gig workers identity
Enable simple, secure access for your gig workers, contractors, seasonal staff and guest users
customers
Customers - Gradient
our customers
OneWelcome is trusted by a wide variety of enterprises in dynamic and highly regulated industries
Customer Reference Program - Gradient 2
customer reference program
Gain recognition for sharing your unique success story
company
About Us
about us
We provide simple and secure access to online services
Leadership
leadership
We’re committed to becoming the preferred identity vendor
Certifications and Standards
certifications and standards
We are endorsed with industry-acclaimed certifications
News
news
Get our latest news, stories, and market insights
Events
events
Find all our upcoming events and webinars and prepare for success
Careers
careers
Check out our open positions and join our talented team
Partners
partners
Enable smooth and secure identity journeys as a reliable partner
Contact
contact
Get in touch and keep your identity journey moving forward
resources
contact
logo
products
solutions
solutions
Customer Identity
customer identity
Create secure, frictionless, and compliant access for customers
B2B Identity
B2B identity
Connect and protect your business-to-business ecosystem
Gig Workers Identity
gig workers identity
Enable simple, secure access for your gig workers, contractors, seasonal staff and guest users
customers
customers
Customers - Gradient
our customers
OneWelcome is trusted by a wide variety of enterprises in dynamic and highly regulated industries
Customer Reference Program - Gradient 2
customer reference program
Gain recognition for sharing your unique success story
company
company
About Us
about us
We provide simple and secure access to online services
Leadership
leadership
We’re committed to becoming the preferred identity vendor
Certifications and Standards
certifications and standards
We are endorsed with industry-acclaimed certifications
News
news
Get our latest news, stories, and market insights
Events
events
Find all our upcoming events and webinars and prepare for success
Careers
careers
Check out our open positions and join our talented team
Partners
partners
Enable smooth and secure identity journeys as a reliable partner
Contact
contact
Get in touch and keep your identity journey moving forward
resources
contact
careers
documentation
support
get a quote get a quote
What do you need to be PSD2 compliant?

what do you need to be PSD2 compliant?

The European Union’s Revised Payment Services Directive (PSD2) has been in effect since 2018. As a business, you might be wondering exactly what it takes to be PSD2-compliant. Although the exact legislation may differ slightly across EU member states, the ground rules are all the same. We will set out some of the main requirements for you here. If you want to find out some more background information about PSD2 in general, please be sure to read our dedicated blog post.

What are the new rules under PSD2?
PSD2 opens the European financial services market, making it more integrated and more efficient. One major new change introduced by PSD2 was that banks and account-holding institutions must provide secure access to their accounts through APIs. Another purpose of the directive was to enable external service providers (so-called Third-Party Providers, or TPPs) to offer information and payment services directly to consumers.

Who must comply with PSD2?
PSD2 affects most anyone dealing with (digital) financial services. Its impact differs, though, depending on the focus of your business. For financial services providers, PSD2 has created new opportunities, as they can qualify as Third Party Providers (read more about the opportunities for TPPs in our dedicated article). Businesses that were using (bank-owned) payment or information services were able to obtain a TPP license under PSD2 to take those services in-house and reap the benefits of a range of insights based on payment behaviour.

For banks, PSD2 has meant increased competition from non-banking institutions for payment and information services, as well as the need to create APIs to give external service providers secure access to accounts. But banks can also choose to get in on the action by becoming TPPs themselves, allowing them to retain and improve their customer relationships by competing with external providers. Consumers have benefited from more innovative payment and financial services, and thanks to the more competitive market, prices for these services have dropped.

PSD2-compliance checklist
For banks and account-holding institutions:

  1. Set up a Consumer Identity and Access Management (IAM or CIAM) solution
    • Strong Customer Authentication (multi-factor and continuous authentication)
  2. Create APIs to access transactional payment data that support:
    • Fine-grained access control
    • Real-time access
    • Provide Access to Account (XS2A)

For TPPs:

  1. Obtain a Payment Initiator Service Provider (PISP) or Account Information Service Provider (AISP) licence
  2. Implement a Consumer Identity and Access Management solution to facilitate:
    • Strong Customer Authentication (multi-factor or continuous authentication)
    • Know Your Customer (KYC) and identity proofing capabilities
  3. Build secure applications featuring
    • User consent
    • Fine-grained access control

Strong Customer Authentication
One of the key PSD2 requirements for TPPs is to ensure strong authentication for their customers, as noted above. PSD2 defines strong authentication in the traditional way: something you have, something you know and something you are.

So, Strong Customer Authentication (SCA) means using a two- or multi-factor authentication (MFA) event from the very start. Although SmartCards, USB tokens and software tokens had been used for strong authentication in enterprise contexts in the past, banks and TPPs have been reluctant to use these IAM technologies under PSD2, because they are not user-friendly for consumers. Instead, banks and TPPs have greatly expanded their use of mobile apps, especially biometrics on smartphones.

How can OneWelcome help?
OneWelcome offers a CIAM platform you can use to start a TPP or become PSD2-compliant. Aside from offering a range of features to facilitate PSD2 compliance, the OneWelcome Cloud Identity Platform also allows you to create a tailor-made, frictionless login and authentication experience for your customers.

The OneWelcome Cloud Identity Platform provides a range of authenticators including advanced MFA mechanisms for both web and mobile authentication to meet and exceed the Strong Customer Authentication criteria. OneWelcome offers multiple levels of authentication including mobile push notifications, QR code logins, mobile biometrics and Single Sign-On (SSO).

Via our identity proofing module, you can easily set your required Identity Assurance Level (IAL) and choose from commercial and governmental bring-your-own-identity (BYOI) providers or document-centric identity proofing services.

In addition, via our consent management module, we embed consent in the user journey and allow consumers to view, edit, download and delete their personal and consent data. Deputy Privacy Officers can govern data and privacy protection processes in real time.

checklist Banks TPPs Supported by OneWelcome
XSA2    
Multi factor authentication
ISO 27001 certification  
KYC and Identity Proofing
A flexible platform with many integrations
Consent Management

 

Verify your PSD2 compliance today
Not sure whether your organisation is fully PSD2-compliant? We’re always happy to advise you on the best way forward—even if that doesn’t include our platform (although we are sure we can offer you great added value!). So, please feel free to contact us for a no-strings consultation or request a demo.

one solution: a million possibilities

simple and secure access to online services for European organisations
get in touch
let's talk
contact us contact us

Soesterweg 310E
3812 BH Amersfoort
The Netherlands

View directions in Google Maps

+31 33 445 05 50
info@onewelcome.com

© OneWelcome
solutions
customer identity B2B identity gig workers identity
about us
leadership customers why onewelcome corporate values certifications partners news resources get a demo
related websites
careers documentation support
Design by The Others
disclaimer terms of use privacy policy cookies responsible disclosure