PSD2 the first legal framework towards open banking

What is PSD2?

The Revised Directive on Payment Services (Directive (EU) 2015/2366 – a.k.a. PSD2) is an EU legislation:

  • effectively fostering the creation of a dynamic Financial Services ecosystem, with special focus on online & mobile payments
  • through opening up secure access to account data (XS2A) from the Account Servicing Payment Service Providers (ASPSPs)
  • primarily via the use of APIs
  • to trusted Third Party Payment Service Providers (TPPs)
  • enabling them to build services based on Account Information Service Provider (AISP) and / or Payment Initiation Service Provider (PISP)
  • providing more options & flexibility to end users / Account owners

The PSD2 legislation is effective January 13th 2018. On March 13th 2018, the additional milestone for the enforcement of Regulatory Technical Standards (RTS) & Strong Customer Authentication (SCA), was published in the Journal of EU. By September 14th 2019 all banks need to have a developers portal with live APIs.

The key PSD2 stakeholders in action!

Try the PSD2 APIs live, in our Free PSD2 Sandbox, powered by aplonAPI

Compliance Timeline major milestones

  • 1st deadline 13 January 2018
    Deadline to Transpose PSD2 in Member States
  • 2nd deadline14 March 2019
    Deadline for all European banks to have their own Developers Portal
  • 3rd deadline14 September 2019
    18 months after their publication by the European Commission, the RTS on Strong Customer Authentication and secure and common communications enter into force.

PSD2 Glossary

AcronymWhat it meansAdditional Information
APIApplication Programming Interface A connector, available to TPPs, making it easier to develop a computer program by providing specific functionalities. In PSD2 the following APIs are available

- Authentication
- Payment Initiation
- Payment Status
- Account Balance
AISPAccount Information Service ProviderA TPP, making use of PSD2 APIs only to request information regarding the Account Balance. e.g. to aggregate information across multiple accounts & provide a consolidated view of finances, such as a PFM
ASPSPAccount Servicing Payment Service ProvidersAn organization providing and maintaining Payment Accounts for customers. e.g. Banks & Financial Institutions
PISPPayment Initiation Service ProviderA TPP, making use of PSD2 APIs only to make a payment. E.g. a Treasury Management System used by a corporate to automate outgoing Payments
PSD2The Revised Directive on Payment Services (Directive (EU) 2015/2366 – a.k.a. PSD2) is an EU legislationThe reason you’re looking at this page! PSD2 creates a major Open Banking paradigm for European Banks & is a template for similar projects across the globe
PSUPayment Service UsersThe end users of all the functionality put in place by PSD2. They can be either natural or legal persons & interact with TPPs & ASPSPs
RTSRegulatory Technical StandardsThe Regulatory Technical Standards on strong customer authentication and secure communication under PSD2 provide details & guidelines on the implementation of PSD2
SCAStrong Customer Authentication The SCA caters to the increased security needs for the new PSD2 environment. It requires two or more of the following independent elements to be used, for an electronic transaction to happen:
- Knowledge (something only the user knows, e.g. a PIN)
- Possesion (something only the user possesses, e.g. key material)
- Inherence (something the user is, e.g. fingerprint, voice recognition)
TPPThird Party Payment Service ProvidersPayment Institutions, which don’t hold payment accounts for their customers. AISPs & PISPS are specific types of TPPs
XS2AAccess to Account dataThe provisions for third party secure ‘access to account’ under the PSD2 directive. This is the cornerstone needed to enable Open Banking under PSD2

Learn how aplonAPI enables PSD2 compliance in record time for Banks & Financial Institutions

Frequently requested answers

?PSD2 will affect the existing banking business models
  • Loss of Fees from Card based transactions
  • Loss of Customer “Ownership” & Insights
  • Potentially reducing the switching cost & removing the “Barrier of exit” concern for existing customers
?Banks have 4 strategic options when dealing with PSD2
  • Focus on compliance only
  • Extend their APIs beyond the ones required by PSD2 & monetize their API offerings
  • Work with TPPs to create customer centric services & monetize their customer insights
  • Embrace & expand the Open Banking ecosystem to create completely new offerings & introduce new revenue streams
?You need an API Management Platform to properly handle the PSD2. This platform must
  • Offer the PSD2 APIs & allow you to build additional ones
  • Allow granular control of access, including support for SLAs
  • Capture & Provide full audit trail for the real time monitoring & reporting of API transactions
  • Include a Developer’s portal & sandbox to assist developers in accessing & utilizing the APIs aplonAPI™ by Payment
PaymentComponents offers all of these functionalities & much more to empower your Open Banking endeavors. Learn more here (