PSD2, the electronic payment revolution

This new EU directive is broadening the horizons of online payment and banking services and will make life easier for millions of consumers.

More versatile, convenient and secure digital payments. The new PSD2 regulation issued by the European Union, which took effect in Italy on 13 January 2018, is revolutionising the digital economy world and consequently the habits of millions of European consumers. Let’s take a closer look.

PSD2 is the acronym for Payment Services Directive 2. With this legislation, which is a significant step forward from its predecessor PSD, the European Parliament intended to create an even more integrated payment system, supporting technological innovation and increasing the security level of digital payments.

One of the main aims of PSD2 is to increase transparency for the sector’s service providers and users, standardising the rights and obligations connected with individual payment services. The other aim is to increase competition between old and new players in national payment markets, while ensuring a level playing field.

In practice, PSD2 requires banks to "open the doors" to let regulator-approved third parties view customer accounts and data, subject to customer authorisation, using technological solutions such as banking APIs to interface with each other.

This new regulation paves the way for Open Banking by allowing new Third-Party Payment Services Providers (or TPPs) to enter the payment ecosystem, offering new services and innovative user-centred products.

With Open Banking, apps and dashboards will be available that will allow users to manage different current accounts in a single, easy-to-use interface. PSD2 introduces another important innovation: the use of telephone credit (prepaid or included on your bill) for payment transactions in addition to those already available (digital content, donations or electronic tickets).

When it comes to security and authentication, PSD2 introduces the concept of 'Strong Customer Authentication' (SCA) to identify and authenticate the customer with two recognition components (for example a numeric pin and a biometric component) obliging the payment service provider to apply it when the payer accesses his payment account online or has an electronic payment transaction. The technical regulatory standards for these security systems, drawn up by the European Banking Authority (EBA), were issued by the European Commission and took effect on 14 September 2019.

Finally, PSD2 deals with online scams and careless digital payments by offering greater protection to consumers.

Customers will be charged a maximum of €50 for any unauthorized payment, compared to €150 in the previous PSD.

This consumer protection is combined with rules in EU regulation 2015/751, which says e-commerce surcharges cannot be applied for consumer debit and prepaid transactions (excluding cards issued for business or public administration purposes).

PSD2 is still in the initial stages, but the system has the potential to change the way we make payments and more generally benefit the banking sector.


The PSD2 glossary

Key words for understanding the new digital payment revolution

PSD2: Payment Services Directive 2
Open Banking
API: Application Programming Interfaces
Fintech: Financial Technology
GAFA: The Big Four of the Internet
OTT: Over The Top
TPP: Third-Party Provider
PISP: Payment Initiation Service Provider
AISP: Account Information Service Provider
CISP: Card Initiation Service Payment

PSD2: how to navigate between the advantages and risks

With PSD2, the new EU regulations for Open Banking, a customer’s bank account data can be made available to third parties.

This is a turning point for the entire banking and payments system, and it requires end users to have a better understanding of the advantages and challenges of this system. PSD2 took effect on 13 January 2018 in Italy, and since then every account holder can give his or her consent to provide their bank account data digitally to third parties.

That means the data security aspect is key. One of the main objectives of the PSD2 directive is to encourage standardisation and protection for digital payment execution methods, to make transactions more secure, reinforcing consumer protection. However, several steps will need to be taken on the technological front.

Standardised API (Applied Programming Interface) platforms that enable secure access to bank account data must become widespread, in order to resolve security, digital identity, privacy, authentication and identification issues in a clear way.

In summary, the PSD2 revolution will play out across the security, technological innovation and financial education fronts. For consumers and savers, it will be a matter of developing new skills to avoid making hasty choices. For example, they will need to learn to recognise the most technologically advanced and above all reliable parties, and to navigate between increasingly “tailor-made” proposals that are built on the needs of the individual. On balance, it’s a challenge that clearly offers more advantages than disadvantages.

Spinning wheel animation


UniCredit Logo