OneWelcome_Cirkel edit_2_LR

what does PSD2 mean for third party providers?

The European Union’s Revised Payment Services Directive (PSD2) has leveled the playing field for external service providers dealing with the financial services sector. However, along with the official status of these Third-Party Providers (TPPs), it also introduced some new ground rules. Opportunities for TPPs abound, without question, but how can TPPs make sure they are getting the maximum benefit?

What is PSD2?
PSD2 is a directive created by the EU to promote more competition on the financial services market and strengthen security for online consumers. The directive went into effect in 2018 and introduced the concept of licensed external parties that can offer certain financial services to consumers: Third Party Providers, or TPPs. Banks and account-holding institutions are now required to give TPPs access to transaction and account information, so they can take over the direct relationship with the customer. This has dramatically reduced the barrier to entry to this market and created a range of opportunities for TPPs. You can read more about the background of PSD2 in our dedicated blog post.

Who can become a Third-Party Provider under PSD2?
TPP status offers great opportunities for all sorts of companies, especially those who already deal with some form of financial services such as:

To become a TPP and gain access to transaction and account information, companies must obtain an Account Information Service Provider (AISP) or Payment Initiation Service Provider (PISP) licence. Both new and existing companies can apply for one or both of these licences, as long as they meet the national PSD2 requirements of their member state.

What does PSD2 mean for Third Party Providers?
The two types of TPP licences reflect the activities that can be provided: services based on account information or payment initiation services. As long as TPPs comply with the security requirements under PSD2, the forms their services might take are near limitless. As such, PSD2 encourages TPPs to come up with innovative propositions that add real value. Some examples include:

  • Merchants taking the payments process in-house for a smoother customer experience
  • Apps that offer an overview of all your accounts across different banks
  • Insurance companies offering instant insurance cover based on recent purchases
  • Apps that help you save money based on your spending patterns
  • Banks offering quicker and more secure B2B loans

The beauty of this concept is that most TPPs are not subject to the same stringent regulatory burden as traditional banks and are typically not weighed down by the legacy IT infrastructure that constrains most banks. As a result, they can be much more innovative and adaptable, allowing them to meet market demand quickly and efficiently.

Banks and TPPs: A match made in heaven
When PSD2 first came into effect, its requirement to give third parties access to transaction data seemed like a loss for some banks. Yet, this requirement has actually proven to give banks the chance to become more competitive and improve customer relationships. By collaborating with innovative TPP partners or even taking things in-house and applying for their own TPP licence, banks have been able to offer all sorts of customer-focused services to stay one step ahead of the competition.

Security implementation
Of course, TPPs also need to respect the ground rules laid out by PSD2. After all, consumers are giving them access to highly personal and sensitive information. That is why PSD2 set some strict security requirements in place. The directive focuses on two main areas:

  • Strong customer authentication
  • Secure communications

To comply with these requirements, TPPs have to build a sophisticated and adaptable infrastructure. A Customer Identity and Access Management (CIAM) platform offers a convenient solution, as it helps you implement things like strong customer authentication, fine-grained access control, and user analytics, while allowing you to connect with banks and other payment services. You can read all about how to make sure you are PSD2-compliant in our dedicated article.

How OneWelcome can help you
OneWelcome offers a high-quality CIAM solution: The OneWelcome Cloud Identity Platform. This platform is fully PSD2- and GDPR-compliant, offering banking-grade security with a strong customer focus. OneWelcome is used by companies ranging from large e-commerce retailers to insurance companies, offering a seamless customer experience and top-of-the-line integration with new and existing applications. If your company is a TPP under PSD2, OneWelcome can supply the adaptable, streamlined infrastructure you need to remain fully compliant and set your service-offering apart.

Get started on your TPP infrastructure
Looking to become a licenced AISP or PISP? We’d love to hear your ideas and explore how OneWelcome's Cloud Identity Platform can help propel your business to the next level. Get in touch with us today via the 'get in touch' form below for a no-strings consultation.

one solution: a million possibilities

simple and secure access to online services for European organisations