Blog Fintech

Understanding PSD2 and Open Banking

Fintech

If you have ever had anything to do with banking or payments in Europe, you have probably heard the terms PSD2 and Open Banking. Sometimes used interchangeably, these two concepts can be a mystery even to the fintech-savvy. In this article, we’re going to closely examine the similarities and differences between Open Banking and PSD2, and look at the ways these two frameworks unlock new opportunities for fintechs, online businesses and their clients. Let’s dive in!

What does Open Banking mean?

Open Banking is a framework that allows third-party providers (TPPs) to securely access and handle bank account data via Application Programming Interfaces (APIs). The very first Open Banking regulations in the EU were introduced in 2015. Since then consumers in the majority of European jurisdictions can provide licensed and regulated financial service providers with access to their accounts. Use cases are plentiful and varied, and include payment initiation, account aggregation, identity verification, and other services. 

Side note: Open Banking is not a purely European thing, as similar programs have been rolled out in other jurisdictions around the world. In this article, however, we will be focusing mainly on Open Banking in Europe.

Open Banking helps create seamless and convenient customer experiences. Let’s imagine that you are operating an online marketplace. Without Open Banking, you might be limited in the checkout options you could offer your shoppers. With Open Banking, on the other hand, both your clients and your merchants can handle payments, refunds and other transactions without having to jump through hoops. And as Open Banking solutions can be easily embedded into different touchpoints, they don’t even have to leave your website or app to manage their financial matters. 

The question is – how is this seemingly free flow of financial datea made safe and secure? Far from being laissez-faire, Open Banking in Europe is a tightly regulated space, where one set of rules is king (for now). Let us introduce the Revised Payment Services Directive, which is better known as PSD2.

What does PSD2 mean?

Adopted in 2015, the Revised Payment Services Directive (commonly known as PSD2) is the regulatory backbone for Open Banking in the European Union and the European Economic Area (EEA). PSD2 sets the standards, particularly around security and authentication, which all licensed financial services providers must adhere to. 

One of the main underlying principles of PSD2 is making online payments safer and more convenient, while ensuring that customers receive high-quality banking services. 

Safer payments – PSD2 mandates the use of Strong Customer Authentication methods (more on that later);

Better consumer protection – under PSD2, consumers are protected against financial losses from unauthorized transactions;

Increasing competitiveness and boosting innovation – by making banks open their APIs to all regulated financial institutions, PSD2 essentially leveled the playing field for companies developing innovative financial services.

The key components of PSD2

To better understand how PSD2 works in a way that’s secure and efficient, we need to have a grasp on several essential concepts. These include third-party providers (TPPs), access to accounts (XS2A), and strong customer authentication (SCA).

Who is considered a third-party provider according to PSD2?

Third-party providers or TPPs are companies (usually fintechs) that are authorized to initiate transactions and access account information on behalf of a bank customer (individual or business).

To operate under PSD2 as a third-party provider, a company would need to receive either an  Account Information Service Provider (AISP) or Payment Initiation Service Provider (PISP) license. AISPs can access and consolidate user account information from different banks, whereas PISPs can initiate payments on behalf of the user. 

What does Access to Accounts (XS2A) mean?

Access to Accounts (XS2A) is at the core of all activities that become available under PSD2. In a nutshell, XS2A allows regulated third-party providers (which we’ve just discussed) to access a bank customer’s account. This access facilitates two main services: payment initiation and account information.

Under PSD2, all banks operating in the EU/EEA are required to provide APIs to allow third-party providers access to customer account data. Customers, in turn, can choose from a wide range of apps and services to view their account information or initiate payments.

While it might seem that everything is happening in the background (which it kind of does), it’s important to bear in mind that nothing can happen without the customer’s overt consent. Users decide which data they share and with whom, placing them in full control of their financial data.

And consent isn’t a one-and-done deal. In fact, customers can revoke access to their data from third-party providers (TPPs) at any time.

How does Strong Customer Authentication (SCA) work? 

Strong Customer Authentication (SCA) is an inherent part of the PSD2 framework that reduces fraud and makes online payments more secure. To meet SCA requirements, all third-party providers and banks have to integrate additional multi-factor authentication.

Typically, to authenticate a payment, a customer has to provide at least two of the following three elements:

  • Something they know. This could be a password, a PIN code, a customer authentication number, and so on.
  • Something they have. This can be a physical device – for example, a smartphone equipped with an e-signature.
  • Something they are. This can be their fingerprint or other means of biometric identification.

What are the benefits of PSD2 and Open Banking for consumers?

PSD2 and Open Banking enhance the customer experience through improved access to account information and financial services. 

For consumers, the main benefits are as follows:

Valuable insights. It is common for people to have many bank accounts, e-wallets, and so on. With Open Banking and PSD2, they can aggregate all financial data across accounts in one platform or app. This consolidated view can provide deeper insights into their financial health, spending habits, and even asset portfolios. 

Seamless transfers. Customers can initiate payments or transfer money between accounts across different banks effortlessly, reducing the time and hassle associated with traditional banking processes.

Better customer experience. A level-playing field among fintechs and other financial service providers leads to better and more varied products, as well as lower fees. And as customers start expecting better financial experiences, everyone – including traditional banks – has to up their game.

While there are numerous ways in which Open Banking and PSD2 benefit customers in Europe, the main use cases fit under the following categories:  Account aggregation, Personalized financial management tools, and Simplified payment experiences.

Account aggregation allows customers to view all their bank accounts, credit cards, loans, and other financial instruments from different providers in one dashboard. This holistic perspective aids customers in understanding their entire financial picture at a glance.

Personalized financial management tools can analyze transaction history, categorize spending, and help users set budgets. By tracking expenses and setting financial goals, customers can make more informed decisions about their spending habits.

Simplified payment experiences, such as direct account-to-account transfers, bypass the need for intermediaries like credit card networks. 

Thanks to Embedded Finance capabilities, customers can receive high-quality financial services across multiple platforms, including e-commerce stores, marketplaces, platforms, travel websites and more. 

How does PSD2 and Open Banking foster innovation?

Open Banking has paved the way for fintech startups to emerge and flourish, each bringing unique solutions, from budgeting tools to investment platforms.

At the same time, traditional banks and fintech firms now engage in partnerships, combining the trust and reach of banks with the innovation and agility of fintechs. This collaboration often results in novel solutions for consumers.

Beyond traditional banking services, we see integrations with other sectors like e-commerce, telecommunications, or even health, thus expanding the horizons of financial services.

How is PSD3 going to change Open Banking in Europe?

On June 28th, 2023, the European Commission unveiled the draft of the third Payment Services Directive (PSD3), intended to replace the currently valid PSD2. In the best case scenario, the new legislation will be passed in the summer of 2024, with expected enforcement commencing at some point 2025.

A few noteworthy elements of the draft PSD3 include:

Enhanced SCA application. Banks will mandate Strong Customer Authentication (SCA) only during initial data access by TPPs. After that, TPPs will oversee the SCA application for subsequent data access.

Consumer data access dashboard. Banks will be expected to introduce intuitive and powerful dashboards, empowering Open Banking users to oversee and manage their data permissions. 

Standardization of data and access: Customers can now electronically access their data without extra charges. Financial institutions will need to standardize data sharing via a dedicated financial data-sharing scheme. The objective is to encourage extensive data sharing across the EU while ensuring adherence to quality standards.

The new provisions strike a balance between enhancing user experience, ensuring data security, and promoting consistent open banking practices across the EU.

Related blog posts

View all