Coming to the U.S. - PSD2 - Payment Service Directive staff writer has added additional information and graphics.

History: The EU set up common rules for payments with the adoption of the first payment services directive (PSD 1). The directive became law in 2009 and is still in force. It covers all types of electronic and non-cash payments, such as •credit transfers •direct debits •card payments •mobile and online payments

Payment Accounts can include:
• current accounts (checking and savings)
• e-money accounts
• flexible savings accounts
• credit card accounts
• current account mortgages

A 2015 European Parliament regulation, EU2015/751, caps the fees that a European cardholder’s bank may charge a merchant’s bank (interchange fees) at 0.2% for debit cards and 0.3% for credit cards. Also passed in 2015, and ramping up to full effect in January of 2018, is Europe’s revised Payment Service Directive (PSD2). PSD2 allows access to payments accounts, commonly referred to as XS2A. PSD2 qualifies a 'payment account' as an account held in the name of one or more payment service users which is used for the execution of payment transactions. Intending to increase consumer choice and empower new competition, the directive requires European banks to share consumer-banking information with financial-technology companies that provide payment services.
The combination of these two regulations dramatically decreases the value that payment networks provide to banks and merchants and raises the question, is this the beginning of the end for these networks?

Source: CapGemini

There are different strategies for banks to deal with the PSD2 Directive. Some banks see PSD2 as a directive to simply comply with and to provide secure access to their customers’ data to third party payment service providers (TPP), whereas other banks see the potential beyond PSD2. These banks will become TPPs themselves. The term “third-party payment service provider” includes payment initiation and account information services. These services are characterized by the fact that they gain access to accounts accessible via online banking using the personal access data of the holders of those accounts. In the case of payment initiation services, transfers to third parties – e.g., ecommerce retailers – are initiated; and in the case of account information services, the account status is queried to create a consolidated statement for all of the accounts of the user of the respective service.

With the adoption of the revised payments directive (PSD2), the European Parliament mandated a revolution in the european payment industry. Under the new regulation, the playing field is finally level for startups in the FinTech space to play a more important role.

PSPs will be barred from denying TPPs access to bank accounts, and account servicing PSPs will be required to treat payment orders (in the case of PISPs) and data requests (in the case of AISPs) without discrimination, e.g., by applying additional charges, or treating them with lower priority in terms of execution/timing. PSPs will be able to deny access, however, where suspicion of fraudulent or unauthorized activity can be “objectively justified and duly evidenced.” These two new regulated entities – PISPs and AISPs – will be required to hold either professional indemnity insurance or a comparable guarantee. New market entrants may therefore find this initial requirement a potential barrier to entry.

Often though, we hear the same question: What does really change?

What you will find here below is the summary of the FIVE main topics the new regulation brings to the table, with commentary on the far reaching impact for our industry.


  1. Extension of scope beyond Europe and in the definition of a “Payment Institution.”

  2. Account Information Service Providers

  3. Payment Initiation Service Providers

  4. Prohibition of card surcharges

  5. Security of online payments and account access

Extension of scope beyond Europe and in the definition of a “Payment Institution.”

The PSD2 expands the reach of the original PSD, including also what is referred to as “one leg out” transactions: transactions where at least one (and not anymore both) party is located within EU borders.

Payment Institutions are now in the definition of Payment Accounts held by Account Servicing Payment Service Providers, aka: ASPSP.

The PSD2 also extends the definition of “Payment Institution” to new types and categories of players.

Third-party account access

The main scope of the PSD2 is to encourage new players to enter the payment market, and it does this by mandating banks to “open up the bank account” to external parties. These Third Party Players, aka: Third Party Payment Service Providers (TPPs) are divided in two types:

  1. Account Information Service Providers (AISPs)

  2. Payment Initiation Service Providers (PISPs)

AISPs ( Account Information Service Providers ) are providers that can connect to bank accounts (Payment Accounts held by Account Servicing Payment Service Providers, aka: ASPSP) and retrieve information from them. An ‘account information service’ is an online service to provide consolidated information on one or more payment accounts with either another payment service provider or with more than one payment service provider. AISPs will be able to retrieve customers’ transaction and balance information from all the payment accounts that customer owns and has authorised the AISP to retrieve data from. An AISP will not be able to transfer funds out of a payment account, they just provide an aggregated view of past transactions that have already occurred. A typical example of this would be an investment recommendation service: the service will be able to see how much money a user is saving each month from his income, and provide tailored advice based on his spending patterns.

PISPs ( Payment Initiation Service Providers ) are players that can initiate payment transactions. The payment gateways to consumers’ bank accounts will be owned by Payment Initiation Service Providers (PISPs), A 'payment initiation service' is a service to initiate a payment order with respect to a payment account held at another payment service provider. This is a radical change in this industry, as currently there are not many payment options that can take money from one’s account and send them elsewhere. Currently we only have (SEPA) Credit Transfers and debit cards, which are both offered only by the account holder’s own bank. In the future we will probably see several different payment options that can move money from the account, without the need of using a wallet (eg: Paypal)

Prohibition of card surcharges

The original directive left it up to each country to decide upon surcharging of card payments, creating a scattered european landscape in which some countries banned this practice and some others allowed it. PSD2 seeks to standardize the different approaches to surcharges on card-based transactions, which will be not allowed for those consumer cards affected by the Interchange Fee cap.

Security of online payments and account access

Allowing new players to have access to customers bank accounts is risky business. The regulator therefore introduced new security requirements for electronic payments and account access, along with new security challenges relating to AISPs and PISPs.


So what changes are we expecting and who gains the most with this new regulation?

Banks have to adapt. Currently bank accounts are siloed and, with a few exceptions, banks do not grant access to the information stored in customer accounts. Under the new regulation, they are asked to “open up”, but the burden of developing technical solutions is on the banks themselves, creating the APIs that everyone is talking about.

The Payment Initiation Service Providers (PISPs) stand to gain the most. They have the chance to eat the proverbial “free lunch” by taking it from the Banks (if the banks do nothing, obviously) and walk away with a piece of the pie, too.

Users, as often is the case when competition is encouraged, will gain the most. New services will arise in the form of payment methods, intelligence on how to better use each one’s savings, and reusing identification capabilities. The most typical example of payment methods that could become popular is the connection with social networks. Services that enable to send payments directly from messaging apps are already popular in the US, where Venmo stands ahead of the pack, and pleasing investors with steady double digit growth.
In Europe we currently don’t have such an example, but by opening up the bank account, players can merge the benefits of instant settlement with the speed of internet messaging. In a couple of years we will be able to ask our colleague to share the bill for lunch and get a notification on facebook that the funds are ready to use, safe in our bank account. The main difference will be that we won’t need wallets anymore (eg: Paypal, PingIt) but we’ll simply ask Whatsapp to connect to our bank account and use our fingerprint to accept a payment request from the colleague next door. No need to open 3 different apps, fiddle with 20+ digit long IBAN codes and double check at the cubicle if the payment arrived alright.