The Payment Services Directive (PSD) is a European Union regulation that sets the rules for payment services across EU member states. PSD was released in 2007 and aimed to create a single market for payments. PSD2 is the Second Payment Services Directive, released in 2015. PSD2 specifically aimed to provide better security for online payments and promote innovation in digital payments. PSD2 introduced Strong Customer Authentication to ensure digital payments are more secure.
The European Commission is currently busy with a new revision to these standards, PSD3, which aims at greater standardization of the rules, along with improved security and accessibility of payment services in the EU.
How does PSD2 compliance work in banking?
Banks, credit unions and other financial service providers within the regional catchment area must comply with PSD2 regulations. Essentially, they must allow their customers to provide access to their account data to trusted third parties.
Financial institutions that do comply are able to standardize compliance across geographies, increase their level of transparency and security, and boost competition and innovation in the sector.
What are the PSD2 compliance requirements?
For FIs to be in line with the Second Payment Services Directive, they need to meet certain standards, which include:
Open APIs for third-party access: Granting access to customer data to enable third-party offerings, which can help FIs deliver more competitive products and services to their customers.
Multi-factor authentication (MFA): Within this standard, MFA must include at least two factors of authentication, but they must be independent; in other words, on separate channels.
Strong Customer Authentication (SCA): SCA is a form of MFA which incorporates at least three factors of authentication (knowledge, possession, and inherence) to strengthen the bank’s fraud prevention solutions.
Who does PSD2 compliance apply to?
All banks, credit unions and other financial institutions, particularly in the EU, are affected by PSD2 regulations. Banks, credit unions and payment processors must comply with these standards. Companies with customers that reside in the EU need to follow PDS2 rules too.
PSD2 and open banking
PSD2 standards support the move to open banking, bringing together banks, fintech companies, and retailers. This means that FIs can securely share customer data with third parties via APIs. Open banking supports more collaboration, which ultimately benefits both FIs and their customers with more modern, convenient services, keeping FIs relevant and competitive.