PSD2 – the Payment Services Directive

PSD2 Payment Services Directive Open Banking Payment service provider security protocol.

by Maurizio Garzelli, Principal Services Consultant, APIIDA AG

What is PSD 2?

PSD2 is the second Payment Services Directive, designed by the countries of the European Union. The first payment directive was PSD, or, as many in the mainstream world would know it as SEPA (although they are two different things: PSD provides the legal framework for SEPA).

PSD2 is the European Payment and European Banking association’s answer to an ever-evolving phenomenon called digitalization and this particular directive affects the payments industry, affecting everything from the way we pay online, to what information we see when making a payment.

Chances and changes

It will break down the bank’s and card’s monopoly on their user’s data. It will allow businesses like Amazon, to retrieve your account data from your bank – with your permission (of course). Meaning that they can make a payment for you, without the help of any third party such as PayPal or the sort.

The changes would also allow having Account Information Service Providers to display all their account information in one place for them. Which would be useful in case of customers with multiple bank accounts, since they could use trusted portals to display all such information in one location.

PSD2 will also introduce a very important change in the digitisation of payment systems – standardization: more and more payment transactions are processed over the internet and more and more third party providers provide their own standards. This is no longer sustainable, so some form of management and standardisation is needed, while ensuring that security and flexibility are central. That’s what PSD2 is for. Through a very clearly defined strategy definition, PSD2 will enforce the standardization and compliance requirements for security and operations, while allowing a degree of independence and freedom of choice.

Interesting for banks: open APIs have to be ready for testing in March

A couple of significant dates to know about PSD2: By March 14, 2019, ALL European financial institutions were required to achieve API Tech readyness for testing purposes, this will then need to be live by September 14, September 2019.

This deadline, March 2019, is not to be production ready but is a deadline by which time banks have had their ‘dedicated interface’ (open API) ready for testing by PISPs and AISPs. Article 33.6 of the RTS states that banks which aren’t ready for testing by this time must instead provide a ‘contingency mechanism’ which, for most, will mean formalizing their maintenance of a web-based online or mobile interface for TPP screen scraping.

The final deadline to comply with PSD2’s Regulatory Technical Standard (RTS) is September 14, 2019.

English