A Guide to PSD2

If you’re an Irish saver who uses online banking regularly and keeps up to date with the latest financial technology (fintech) and legislation developments, you may be familiar with PSD2 or have heard it mentioned alongside terms such as “open banking”. Even if you’re unaware of what PSD2 is, you may have already taken advantage of it without realising. On this page, we explain what PSD2 legislation is, how it works, its importance, and what PSD2 means for open banking.

PSD2 stands for the second Payment Services Directive and is a European regulation for electronic payment services and payment service providers throughout the European Union. 

PSD2 is designed to boost innovation and help banks adapt to new technological developments. It focuses on improving consumer rights, aligning payment services, enhancing security through strong authentication systems and enabling third-party providers, such as budgeting apps and online merchants, to access financial data and offer customers new ways to make transactions and manage finances.

PSD2 was introduced in 2018 to facilitate an integrated and seamless payment experience across EU member states. Its goal was to foster new, innovative ways for consumers to use their bank accounts, thereby promoting the growth of fintech. PSD2 also introduced Strong Customer Authentication (SCA) to enhance secure payments and reduce fraud.

The whole directive is overseen by the European Banking Authority, which makes sure payment services across Europe are reliable and transparent. In Ireland, the Central Bank of Ireland is in charge of applying PSD2 rules locally.

Under the updated Payment Services Directive, banks and other financial institutions throughout the EU are required to provide licensed and approved third-party service providers access to customer account data (if the customer consents). They do this using secure connections called application programming interfaces (APIs). An API is simply software that allows different systems to talk to each other, allowing a financial institution’s system to quickly and securely connect to a third-party provider’s system and share financial data.

Once a third-party service provider is authorised under PSD2 and can comply with its regulations, it can offer a range of financial services that require access to banking information.

The introduction of PSD2 means that trusted companies can access your banking data (but only with your permission) to help you manage your money better. You can:

• See all your accounts in one place. Some apps display all your balances and transactions from different banks, all in one dashboard.

• Pay straight from your bank account. With Payment Initiation Services (PIS), you can pay online without having to enter your card details.

• Get personalised financial help. Authorised third-party providers can use your data to offer financial services that are tailored to your situation.

A more indirect effect of PSD2 has been a more open banking environment across Europe. Platforms like Raisin can offer savings accounts from a range of trusted banks in one place, making it easier to find competitive rates.

PSD2 has three main objectives, which are the following: 

• Better protection for consumers paying online 

• Promoting innovative approaches to online financial services 

• Enabling faster payment services throughout the EU

One of the most important requirements introduced by PSD2 is Strong Customer Authentication, or SCA for short. It’s often referred to as multi-factor authentication. What it means is your bank or payment provider has to double-check your identity or confirm that you agree to a payment using two of the following three ways:

• Something the cardholder knows, such as a password or PIN

• Something the cardholder has, such as a token or mobile phone

• Something the cardholder is, such as a fingerprint or voice recognition

For most consumers in Ireland, SCA usually happens through your bank’s mobile app or by using a card reader device.

GDPR is the law that applies to your personal data more generally, across all sectors. PSD2, on the other hand, specifically concerns payment services. It sets the rules for online banking and sharing your account data with third-party apps. Both are EU laws that deal with data, but they do so in different ways.

PSD2 provides the framework through which financial service providers can offer you services, including convenient ways to make online payments, without being redirected to another payment service, such as PayPal. 

If you have more than one bank account, you can allow third parties, such as budgeting apps, to hold and display all your account information in one place. However, this is only possible with your explicit consent. This means you maintain complete control over who gets access to your information and what data they can see, and you can withdraw your consent at any time.

PSD2 also requires enhanced identity checks, especially for higher value transactions, so your financial data is still secure.

PSD2 isn’t just about optimising payments, it also strengthens your rights as a consumer, with protections including:

• A €50 limit on your liability for unauthorised payments on your account, unless it is proven that you acted fraudulently.

• The right to a refund on SEPA direct debits within eight weeks.

• No extra charges for paying with debit or credit cards.

• The option to cancel your agreement with a bank after six months without paying a cancellation fee.

• Providers must have a clear complaints procedure to help you resolve any problems.

Financial institutions that supply your data and third-party financial service providers must comply with all PSD2 regulations. This includes having a robust API infrastructure and supporting customer security with Strong Customer Authentication. Banks must also provide customer data in real-time when requested by authorised providers. 

PSD2 is a major piece of legislation that affects all EU member countries, including Ireland, and is as essential as other regulatory and strategic initiatives in the financial sector.

The implementation of PSD2 is important because of the benefits it can bring to your online financial transactions and experiences. It aims to make paying online easier and faster, while also improving security.

Transactions through open banking are protected by sophisticated authentication methods. PSD2 requires two-factor authentication, which reduces risk and improves online financial safety.

Additionally, PSD2 facilitates openness to financial data, which is necessary for enabling innovations in the financial services industry. This increased openness can encourage competition, potentially giving consumers more and better financial choices.

PSD2 affects payment service providers (banks, credit unions, and payment initiation providers) within all member countries of the EU as well as those within the European Economic Area and anyone wishing to engage in the European payments market. In terms of the countries that PSD2 applies to, the complete list is as follows:

• Austria
• Belgium
• Bulgaria
• Czech Republic
• Cyprus
• Denmark
• Estonia
• Finland

• France
• Germany
• Greece
• Hungary
• Iceland
• Ireland
• Italy
• Latvia

• Liechtenstein
• Lithuania
• Luxembourg
• Malta
• Netherlands
• Norway
• Poland
• Portugal

• Romania
• Slovakia
• Slovenia
• Spain
• Sweden
• United Kingdom

Open banking allows banks and third-party financial service providers secure access to your bank and other financial data. Open banking is regulated by PSD2, which means that banks can share your financial data, such as regular payments and statements, with authorised service providers, as long as you permit them to.

Open banking is a service, while PSD2 is one of the regulations that govern how that service works. Effectively, PSD2 is the law that requires banks to provide data to third parties (as long as you have permitted them to), and open banking provides a standard format in which to provide your data.

If you want to get a feel for open banking, register for a Raisin Account. A Raisin Account means you can benefit from fintech services and apply for savings accounts from a range of banks in one place. All you need to do is register for a free Raisin Account online, click to apply for a savings account, and transfer your deposit to your Raisin Account. There’s no need to fill out a new application each time you apply, and your money is deposit protected (up to €100,000).