PSD2: does it apply to your business?


Everyone today is familiar with multi-factor authentication. However, this added security for online payments only came about when PSD2 rolled out not so long ago. Keep reading to learn why this measure came to be and understand how it works.

PSD2 added security layers for online payments in B2C and B2B settings. When it comes to B2B payment protection, Trustpair is the ultimate security measure to protect payments, thanks to ongoing account validation. Request a demo to learn more!


PSD2: what is it?

PSD stands for Payment Service Providers Directive, a regulation from the European Union regarding electronic payment services. It originated in 2007 to:

  • Create more secure standards for online payments and data management,
  • Foster innovation amongst banks and FinTech institutions,
  • Support banking services in their digital transformation.

The PSD2 came to be in 2013 when the European Commission passed an amendment to the original PSD. It’s an answer to the ever-growing risk of fraud customers face online, such as the rise of identity thieves.

Its goals and requirements are very much aligned with the original payment directive, with this new version aiming to:

  • Further increase customer protection on online transactions.
  • Boost innovation and competition in the financial technology sector.
  • Keep up with new payment methods, such as instant payment methods.

The overall goal for PSD regulations is to further develop the single payment market in the EU, by targeting both API-providing services (also called account service providers) and financial institutions (or payment initiation services).

Concretely, these regulations have allowed banks and third party payment service providers to connect and exchange information. This created the open ecosystem we’re now used to, where we can grant access to our bank accounts to authorized third parties to perform a given task.

For example, budgeting and invoicing solutions can plug into your bank account and extract your financial information to function. By removing the barriers to information, the PSD created an ecosystem where data is shared freely to create a better (and safer) customer experience.

In brief, the PSD2 regulation is here to protect consumers while bringing more ease and convenience to the European banking market.

For banks and businesses offering payment services, this translates into a new level of compliance they will have to meet, both on payments themselves and on data management. Learn more about effective vendor data management here.

To learn more about instant payments and payment trends in Europe, download our white paper!


PSD2: what are its requirements?

According to the European Banking Authority, the trade-off for increased data circulation must be increased digital security. The role of PSD2 is to enhance but also to protect online payments, whether peer-to-peer, B2C, or B2B.

Its main requirement is called SCA, for Strong Customer Authentication. The PSD2 measure mandates two-factor authentication when completing an online financial operation (sending payments, consulting your accounts, using trading services, etc.).

To authorize the operation, consumers have to complete 2 of the 3 methods, which are organized into three categories:

  1. Knowledge: something the customer knows, like a password.
  2. Inherence: something the customer is, like a fingerprint or facial recognition.
  3. Possession: something the customer has access to, like an app generating a code.

For example, banking apps can ask you to:

  • Enter your login (knowledge) and then send a code to your phone (possession) to confirm your identity and authorize your payment.
  • Use facial recognition (inherence) to access your bank account, and then ask for your password (knowledge).

 

PSD2: who does it apply to?

PSD2 targets all financial service providers in the European Union:

  • Financial institutions: banks, open banks, credit unions.
  • Third-party providers: FinTechs, developers of APIs, and retail merchants that access your banking data.

This applies to all member states, so every organization in the EEA (European Economic Area) must be PSD compliant.

The UK used to be included, but no longer is since Brexit.

US businesses are not directly targeted but can be impacted if:

  • They have locations in the European Union or EEA zone.
  • They have transactions with EU consumers or businesses.
  • They do significant business with EU organizations.

At a time of heightened globalization, the above elements mean many businesses are actually impacted. That’s true for international companies but also smaller businesses with clients or suppliers abroad (like many of our clients).

 

From PSD2 to PSD3

As time and technology go on, so must the regulations! While PSD2 is still current, there are talks of a third version of the Payment Service Directive, named PSD3.

This aims to broaden the scope of PSD2, covering the same bases but extending the security to prevent payment fraud.

Here are some of the forecasted key changes with PSD3:

  • Improving the Strong Customer Authentication (SCA) regulations.
  • Tightening the rules surrounding third-party access to payment and account information.
  • Creating a new Payment Service Regulation (PSR) to improve consumer protection.

While we don’t have clarity on the content and timeline yet, regulatory experts estimate this third iteration of PSD will come into effect in 2026.

At any rate, it’s always best to move toward increased payment safety. With financial fraud on the rise, it’s become increasingly important to be adequately protected in your business.

Trustpair is an anti-fraud software that helps secure your B2B payment process from end to end. We use ongoing account validation to check your third-party data in real time, so you always know to whom you’re sending funds. This ensures compliance with international regulations and eradicates third-party fraud risks.
We’ve worked with 200+ clients, many of them large international companies who like the peace of mind that comes from working with us. Our solution protects you against the many faces of financial fraud, from vendor fraud to CEO fraud.

Key Takeaways:

PSD2 is a European directive that aims to increase payment safety while boosting innovation in the financial market. It’s the second iteration of the original PSD, with a focus on multi-factor authentication. Trustpair helps protect your company against financial fraud while remaining compliant with ever-changing international regulations.


FAQ

Not directly: PSD2 only applies to organizations in the EU and EEA. But in reality, many businesses in the US deal with European businesses or citizens. That’s why many US businesses have to comply with this regulation.

PSD stands for Payment Service Directive, a European directive created in 2007 to boost innovation and security in the EU banking industry. In 2013, the European Commission amended it and created a revised Payment Services Directive which is why the “2” in PSD2 was added. PSD2 is the regulation that is currently active in the EU.

Like the PSD2 regulation, our technology aims to protect your payment chain against fraud or error risks. The platform continuously audits banking data to make sure there haven’t been any suspicious changes in vendor status. We also monitor transactions and block any payments to unknown vendors. This also helps you be compliant with requirements from AML or Nacha. Overall, your business will be protected from third party risks and gain efficiency.