PSD2 – what does it mean for you?

PSD2, the Payment Services Directive 2, came into force on 13 January 2018. What is it and together with Open Banking how will it change the payments landscape for corporate and retail banks…

What is Payment Services Directive 2?

PSD2 is the new legislation centred on payment services within the European Union. The new legislation is aimed at increasing competition in the payments market, as well as improving the security and transparency of payments. In practice, it is expected that the directive will revolutionise the way the payments system in the EU works by creating tremendous opportunities for third parties such as FinTechs, merchants and online retailers in the way they collect payments from the customers. The ‘disruption’ caused by PSD2 will create threats for the long established players in the payments market, but brings opportunities to innovate and alter strategy for both corporate and retail banks alike. It might not seem so relevant for existing customer bases, but it will be embraced by Millennials and those that follow.

Some of the implications

The main change is that PSD2 is creating a level playing field for third parties processing payments or accessing the financial information of customers. The regulation has introduced two main types of third parties: account information service providers (AISP) and payment information service providers (PISP). Put simply, AISPs will be able to access and aggregate a customer’s financial data across different banks through the bank APIs. At the same time, PISPs will be allowed under PSD2 to initiate payments directly from a client’s bank account to the merchant avoiding banks and card schemes as intermediaries. This will work equally across large cash management pools and working capital transactions for businesses as it will for individual consumers in the retail environment.

Who will be able to take advantage of the changes brought in by the directive?

Online retailers, merchants, accounting platforms, FinTechs and banks are expected to take advantage of the new regulation. Consider the following scenario: becoming an AISP and a PISP can allow a challenger bank, to combine a client’s data across their multiple current accounts in various banks through the APIs and perform payment transactions on their behalf as a PISP, without the need to set up their own current account or e-money account.  This will reduce costs for the business without losing the customer value proposition. It would also provide a client with the opportunity to ‘rate chase’; having the rates of various banks available to them in one snapshot at any time would enable bulk payments or pooling of cash to be undertaken at the most cost-effective price. Online merchants can benefit significantly from the new payments structure. By becoming a PISP the online retailer will be able to route its online transactions directly from a customers’ bank account to its bank account, avoiding intermediary costs.

What next?

The new regulation creates a range of security issues, especially in relation to the way third parties will handle sensitive customer financial data. In order to resolve the arising issues, Regulatory Technical Standards on strong customer identification and secure communication will be implemented by September 2019, as confirmed by the European Commission.


  • Have you defined your PSD2 strategy?
  • Are you compliant with the legislation on PSD2?
  • What have you done to address the technical implications; do you have appropriate APIs in place?

If you need more guidance on the application or compliance of PSD2, or to discuss how you can take advantage of the new regulations to drive revenue and determine your organisation’s strategies, please get in touch with us.