PSD2 FAQ — Frequently Asked Questions
Last edited May 2023
What is the Revised Payment Services Directive (PSD2)?
PSD2 is a piece of EU (European Union) legislation that is intended to modernize banking, making it not only safer but also more transparent. This directive works as an additional layer of protection for individuals and businesses that make online transactions.
PSD2 is also seen as an additional step towards a digital single market in the EU, giving consumers better choices when it comes to financial services by allowing new players to gain access to the market. With this came more competitiveness, easier and quicker payments as well as tailored solutions that are able to cater to every particular need.
The Revised Payment Services Directive has three main benefits: increased consumer rights, improved security and permission for regulated third parties to access payment account information.
When was PSD2 first introduced?
The Revised Payment Services Directive was first introduced in 2015, but in order to allow for a transition period the transposition deadline in the EU and EEA (European Economic Area) was set to January 13th 2018.
Due to some technical difficulties, banks, merchants, and other Fintech institutions were granted an extension for full implementation of PSD2 until the end of 2020. Businesses impacted by Covid-19 restrictions had their compliance deadlines extended to September 14th 2021.
How does PSD2 work?
Each Member State of the European Union can individually adopt PSD2 regulations and have them implemented under its own laws. Under this new payment services directive, banks and other financial institutions are required to provide APIs (Application Programming Interfaces) for regulated and licensed external service providers, commonly referred to as third-party providers.
These regulated providers can then use the APIs to offer an array of payment and information services, ranging from financial management apps to software developed to help e-commerce with direct PSD2 payments.
What is the importance of QSEAL and QWAC in PSD2?
Payment service providers rely on qualified certificates for electronic seals, which can be obtained from a Qualified Trust Service Provider. QSEAL (Qualified Electronic Seal) certificates are used for identity verification purposes in order to protect transaction information.
QWACs (Qualified Website Authentication Certificates), on the other hand, are used for website authentication to ensure the identities of Account Servicing Payment Service Providers (ASPSPs) and third-party providers (TPPs).
What are PSD2’s main benefits for consumers?
Safer online transactions: PSD2 ensures that electronic payments are mediated by strong security requirements, such as Strong Customer Authentication (SCA), protecting consumers’ financial data and privacy. As a result, consumers should feel increasingly more confident when buying online;
More control over your financial data: the introduction of this new regulation allows for easier access to relevant data and a more integrated way of controlling things like spending and savings. It was also designed to give consumers a myriad of new services that help them better manage their assets in this new era of financial literacy;
Access to custom tailored products: individuals can have access to relevant products and services, allowing for greater personalization and the benefit of choice. This empowers customers to take charge of their finances and make informed decisions regarding their present and future;
More consumer rights: consumer liability when it comes to unauthorised payments is reduced, with the addition of a “no questions asked” refund policy for direct debits in euro. Not only that, but PSD2 prohibits additional charges for payments with consumer debit or credit cards, both in shops and online. In case something goes wrong, complaints are to be handled by competent authorities designated by each Member State;
More competitive EU payments market: setting the pace for the future of online transactions, PSD2 embraces the evolution of virtual financial services by applying these new regulations equally to traditional banks and new players in the industry – namely FinTechs – which are now regulated under EU rules. This way, third-party payment service providers (TPPs) can initiate payments on behalf of their customers, assuring retailers that their money is on the way.
What are PSD2's main benefits for businesses?
Faster and more effective decisions: by accessing relevant customer information, businesses can accelerate the decision-making process, saving precious time and resources that can be channelled into profitability;
More control over financial data: the Revised Payment Services Directive grants companies full control over their earnings and expenses, an invaluable tool for managing precious financial assets;
Improved customer experience: greater customer satisfaction will translate into higher business volume and added revenue.
What are PSD2's main benefits for banks?
Keeping up with the times: by adopting PSD2, banking institutions present themselves as more modern and appealing, as they can then meet the ever-changing demands of today’s customers;
Customer-centric approach: everything is done in a more secure and timely manner, leading to greater customer satisfaction and improved convenience for all interested parties.
Is PSD2 mandatory?
Yes, the Revised Payment Services Directive is mandatory in the European Union and European Economic Area. Businesses have two ways of complying with PSD2.
Companies can apply for a licence to become either an account information service provider (AISP) or payment initiation service provider (PISP). Both third-party solutions can securely access open banking data with the consent of consumers.
Businesses can also use services like AISPs or PISPs, since both are already authorised and responsible for following regulations, which makes it easier to outsource these services.
Are there consequences for not complying with PSD2?
Payment providers and banks are legally obliged to enforce PSD2, and non-compliance will result in the loss of transaction volume for sellers and payment providers.
Payment providers will suffer the most severe consequences, as national regulators have the power to impose fines and even revoke licences.
Are there any PSD2 exemptions?
PSD2 is mandatory in the EU and EEA, but there are some exemptions to Strong Customer Authentication (SCA) when certain criteria are met. These are the most common situations:
Low-risk transactions
Payments below €30
Fixed-amount subscriptions
Merchant-initiated transactions
Trusted beneficiaries
Phone sales
Corporate payments
Is PSD2 related to 3DS2?
PSD2 is a European Union directive to regulate payment services and payment service providers, requiring businesses and traditional banks to implement stronger fraud prevention checks like Strong Customer Authentication.
3DS2 was created by Visa and Mastercard in 2016 as a way to update 3DS regulations. It can be seen as a solution for SCA that complies with PSD2 requirements in Europe. Nevertheless, it can also be used outside the EU for customer authentication, diminishing the risk of fraud.
This secure protocol demands that sellers send complementary data with every transaction, in order to guarantee that the customer is the legitimate cardholder.
In sum, this improved authentication system helps merchants to comply with Strong Customer Authentication requirements under the Revised Payment Services Directive.
What does PSD2 mean for banking?
For a long period of time, incumbent banking institutions had a monopoly on payment services. Moreover, before the implementation of PSD2, banks had to authorise payments for account holders.
With the Revised Payment Services Directive, the playing field has been levelled when it comes to the payment services market, creating new opportunities for third-party service providers to come up with new online payment products.
Traditional banks are now also forced to be more transparent in their operations – like credit or currency exchange rates, for example – allowing for a more trustworthy relationship.
Does PSD2 apply to the UK after Brexit?
Since the Revised Payment Services Directive is an EU driven initiative, there were some doubts about whether the United Kingdom had to comply after Brexit.
PSD2 relates to the EEA (European Economic Area) and is not limited to the EU (European Union), which means most banks are planning for some form of EEA relationship with the UK. This new directive is paramount to interaction and success in EU markets, leading to a demand from banking experts to keep up with global PSD2 banking innovation.
Therefore, PSD2 was adopted in the UK by the Payment Services Regulations.
Does PSD2 apply to US companies?
The Revised Payment Services Directive does not apply in the United States, being enforced exclusively in Europe. However, US companies doing business in the EU have to comply with PSD2 regulations.
PSD2 has the potential to change the payments industry landscape at a global level, so it is vital that US companies pay attention to its evolution.
Who is responsible for enforcing PSD2?
It is up to each European Union Member State to determine a National Competent Authority responsible for issuing account information service provider (AISP) licences and monitoring their activity.
In the UK, PSD2 is enforced by the Financial Conduct Authority (FCA), the regulator of financial firms and markets in the United Kingdom. The FCA is responsible for determining which third-party providers (TPPs) can be authorised or registered, as well as for monitoring TPPs' reporting obligations under PSD2. All complaints against a third-party provider are also handled by the FCA.