PSD2 (Revised Payment Services Directive)
Pronunciation
[P-S-D two]
Analogy
PSD2 is like opening the highway to all carmakers rather than only allowing government-run buses, enabling multiple payment services to operate.
Definition
An EU regulation that mandates banks to open APIs for third-party providers, promoting competition, innovation, and stronger customer authentication in payment services.
Key Points Intro
PSD2 establishes open banking and strong security requirements for electronic payments.
Key Points
Open APIs: banks must provide Account Information and Payment Initiation APIs
Strong Customer Authentication (SCA): requires two-factor authentication
Third-Party Providers (TPPs): regulated access for payment and info services
Regulatory Technical Standards (RTS): define API and security specifications
Example
A fintech app uses a bank’s PSD2 API to display account balances and initiate SEPA transfers with user consent.
Technical Deep Dive
PSD2’s Access to Account (XS2A) framework uses OAuth 2.0 and OpenID Connect for authorization. TPPs register with national authorities under AIS or PIS licenses. The RTS specify message formats (JSON), API endpoints, and SCA exemptions. Error codes and fallback procedures ensure reliability.
Security Warning
Improper SCA implementation or unsecured API endpoints can expose customer data and enable fraud.
Caveat
Fragmented national implementations and varying API standards can hinder seamless cross-border integration.