What is PSD2 and How it works

What is PSD2 and How Does It Work?

PSD2, officially known as the Revised Payment Services Directive, is pivotal in the evolving landscape of digital finance in the EU. Its aim is to reshape the way payment services are delivered and utilized across the continent. 

At its core, PSD2 is designed to increase competition, enhance consumer protection, and foster innovation in the payments industry. But what exactly is PSD2, and how does it function in the complex ecosystem of financial transactions? 

This article delves into the intricacies of PSD2, exploring its key components, the mechanisms it employs to secure electronic payments, and the profound impact it has on banks, businesses, and consumers alike. Join us as we unravel the threads of this pivotal directive and examine its role in the future of Lithuanian financial services.

Overview of PSD2 Regulation

PSD2 Regulation provides an overview of the European regulation for electronic payment services. It’s an amendment to the Payment Service Providers Directive (PSD) proposed by the European Commission in 2013.

The main objective of PSD2 is to enhance consumer protection, promote competition and innovation in the payment sector, and reinforce security in the payments market.

To facilitate compliance with PSD2, technical mechanisms like APIs play a crucial role in enabling third-party access to bank infrastructure. PSD2 also introduces Strong Customer Authentication (SCA) for enhanced security.

The implementation of PSD2 has faced challenges, including delays in the publication of regulatory technical standards and the impacts of the coronavirus pandemic.

Nonetheless, PSD2 aims to align payment regulation with the current market and technology state, ensuring security for electronic payments and promoting competition and innovation in payment services.

Purpose of PSD2

The purpose of PSD2 is to enhance payment security and promote innovation in banking services. This European regulation aims to create a safer and more innovative environment for electronic payments in Europe.

By implementing PSD2, the European Commission seeks to address the evolving landscape of payment services and adapt to new technologies. The regulation introduces important changes, such as allowing third-party access to bank infrastructure and regulating Payment Initiation Services (PIS) and Account Information Services (AIS).

It also emphasizes the importance of Strong Customer Authentication (SCA) for enhanced security. To comply with PSD2, banks have updated authentication elements and implemented technical mechanisms like APIs.

Major Changes Introduced by PSD2

Major changes introduced by psd2

With the implementation of PSD2, significant changes have been introduced in the way electronic payment services are regulated and accessed. These changes include:

  1. Third-party access to bank infrastructure: PSD2 allows authorized third-party providers to access bank accounts and initiate payments on behalf of customers. This promotes competition and innovation in the payment sector.
  2. Regulation of Payment Initiation Services (PIS) and Account Information Services (AIS): PSD2 regulates PIS, which facilitates online payments through bank accounts, and AIS, which provides customers with a global view of their financial situation.
  3. Introduction of Strong Customer Authentication (SCA): PSD2 mandates the use of SCA to enhance security in electronic payments. SCA requires customers to authenticate themselves using at least two factors, such as a password and biometric data.
  4. Use of APIs for compliance: PSD2 encourages the use of Application Programming Interfaces (APIs) to facilitate compliance with the regulation. APIs allow secure and seamless communication between banks and third-party providers, enabling the sharing of customer data and the initiation of payments.

Implementation of PSD2

To implement PSD2, you need to update authentication elements for customers and utilize technical mechanisms like APIs for compliance. Banks have already taken steps to update their authentication processes, ensuring that customers can securely authorize third parties to access their financial information.

Also, the technical mechanisms like APIs play a crucial role in facilitating compliance with PSD2. APIs enable secure data exchange between banks and third-party providers, allowing for the seamless sharing of account details and transactions.

However, the implementation of PSD2 has faced challenges, including delays in the publication of regulatory technical standards and readiness issues among online merchants.

Despite these challenges, the gradual implementation of PSD2 since January 2018 has led to increased security, competition, and innovation in the payment sector.

Timeline and Challenges of PSD2 Implementation

As you delve into the timeline and challenges of implementing PSD2, it’s important to consider the various obstacles that have arisen during the process. Here are four key challenges that have been encountered:

  1. Delays in regulatory technical standards: The publication of regulatory technical standards has faced delays, impacting the implementation timeline of PSD2.
  2. Readiness issues and compliance delays: Some banks and financial providers have faced readiness issues and compliance delays, leading to a failure to meet deadlines for providing testing environments to third-party service providers and delaying data handover to customers.
  3. Impact of the coronavirus pandemic: The coronavirus pandemic has added another layer of complexity to PSD2 compliance, affecting implementation timelines and causing further challenges for banks and TPPs.

PSD2 Compliance – A Bird Eye Overview

Ensuring compliance with PSD2 involves implementing various measures to meet the regulatory requirements. Banks and other payment service providers (PSPs) are required to update their authentication elements for customers and adopt technical mechanisms such as APIs to facilitate compliance. 

These APIs play a crucial role in securely sharing customer data with authorized third-party providers. Consumers are given the ability to authorize these third parties to access their financial information. However, the implementation of PSD2 has faced challenges and delays, including the publication of regulatory technical standards. 

Timeline and Compliance Issues

Compliance with PSD2 regulations involves adhering to specific timelines and addressing various challenges. Here are some key issues related to the timeline and compliance of PSD2:

  1. Deadline extensions: The original compliance deadline for PSD2 was set for September 14, 2019. However, due to readiness issues, the deadline was extended to December 31, 2020. In the UK, the Financial Conduct Authority set a new deadline of March 14, 2022.
  2. Delays and non-compliance: Many banks and financial providers faced challenges in meeting the compliance deadlines. Around 41% of European banks failed to provide a testing environment to third-party service providers by the March 2019 deadline. Data handover to customers was also delayed by some institutions, citing compliance and risk scenarios.
  3. Impact of the coronavirus pandemic: The pandemic added another layer of complexity to compliance, causing further delays and challenges for banks and payment service providers.
  4. Technical requirements and testing: The implementation of PSD2 involves technical requirements, such as the use of Open API interfaces. Testing and ensuring the readiness of systems and processes have been crucial in achieving compliance.

Get Free Consultation on Company Formation, Fintech &
Crypto Licensing, AML/CTF Compliance, Business Advisory &
Banking Solutions!

Get in Touch


Impacts of PSD2 Regulation on Banks and TPPs

impact of psd2 on banks and tpps

The impacts of PSD2 regulation on banks and TPPs include increased security measures and the promotion of open banking. Under PSD2, banks are required to implement Strong Customer Authentication (SCA), which involves multi-factor authentication using knowledge, possession, and inherence factors. This has resulted in a significant reduction in online payment fraud for many retailers. Banks are also mandated to share account details and transactions with third parties through APIs, promoting open banking and fostering innovation in payment and banking services. To provide a clearer understanding, here is a table summarizing the impacts of PSD2 on banks and TPPs:




Increased Security

Implementation of Strong Customer Authentication (SCA)

Compliance with security standards

Promotion of Open Banking

Sharing account details and transactions with third parties through APIs

Accessing and aggregating account information, initiating payments

These impacts highlight the importance of security and collaboration in the evolving landscape of payment services.

Opportunities and Benefits of PSD2

Discover the advantages and rewards that PSD2 brings to you as a consumer and participant in the banking and payment industry.

  1. New partnerships and open-banking APIs can add value by enhancing core offerings and capitalizing on consumer behavior. This means that you can enjoy a wider range of services and tailored solutions that meet your specific needs.
  2. The multi-factor authentication process is made easy for customers under PSD2. You can benefit from enhanced security measures while experiencing a seamless and convenient authentication process.
  3. PSD2 facilitates easier customer onboarding and better tools for managing finances. This means that you can quickly and easily set up accounts, access your financial information, and have more control over your money.
  4. Banks can use financial data to provide competitive services and foster innovation in payment and banking. This means that you can expect to see more innovative and personalized offerings from your bank that are designed to meet your evolving financial needs.

Strong Customer Authentication (SCA)

PSD2 enhances security and protects consumers’ financial data through the implementation of Strong Customer Authentication (SCA). SCA is defined in PSD2 as authentication using two or more factors, balancing security and user convenience. This authentication process improves the user experience while helping banks evaluate risk and adapt accordingly. By implementing SCA, banks can take a targeted approach in offering services and ensure that only authorized individuals have access to sensitive financial information. SCA has resulted in a significant reduction in online payment fraud for approximately 73% of retailers. To give you a better understanding, here is a table outlining the factors used in SCA:




Something only the user knows, such as a password or PIN.


Something only the user possesses, such as a mobile device or token.


Something inherent to the user, such as a fingerprint or facial recognition.

Open Banking API

To understand how PSD2 works and its impact on the banking industry, let’s delve into the world of Open Banking APIs. Open Banking APIs play a crucial role in the implementation of PSD2 by enabling secure data exchange and facilitating collaboration between banks and third-party providers.

Here are four key aspects of Open Banking APIs:

  1. Access to Account Information: Open Banking APIs allow third-party providers to access and aggregate account information from different banks, giving consumers a global view of their financial situation.
  2. Payment Initiation Services: Open Banking APIs enable payment initiation services, allowing consumers to make online payments directly from their bank accounts through third-party applications.
  3. Enhanced Security: Open Banking APIs adhere to strong security standards, ensuring that customer data is protected during the exchange between banks and third-party providers.
  4. Innovation and Competition: Open Banking APIs promote competition and innovation in the banking industry by enabling the development of new services and products that enhance the customer experience.

Cloud Platform for Digital Banking Services

You can harness the power of a cloud platform to optimize your digital banking services.

  • A cloud platform offers a reliable and scalable infrastructure that ensures regulatory compliance and customer trust.
  • With a cloud platform, you can enable secure onboarding and access to services, facilitating a seamless integration of banking services.
  • The cloud platform supports ongoing digital transformation, allowing you to leverage the latest technologies and innovations in the financial industry.
  • It provides the necessary tools and resources for managing and analyzing large volumes of financial data, enabling you to offer competitive services and improve customer experience.

As we’ve navigated through the intricacies of PSD2, it’s clear that this directive is more than a mere regulatory update—it’s a catalyst for a new era in European financial services. By mandating stronger security protocols, encouraging competition, and endorsing the rise of fintech, PSD2 is redefining the transactional relationship between consumers, banks, and third parties. 

Despite the hurdles in its implementation, including regulatory delays and the unforeseen complications brought about by a global pandemic, the directive has steadily set the stage for a more open, secure, and innovative banking ecosystem. 

The ongoing journey of PSD2 compliance reflects a broader commitment to a digitized, user-centric financial future. As this landscape continues to unfold, the collective adaptation and progress promise to benefit all stakeholders in the ever-evolving tapestry of modern finance.

Future of PSD2 and the new regulation of PSD3? 

The Payment Services Directive 3 (PSD3) represents the European Union’s progressive approach to refining the regulatory framework governing the payment services sector. Building on the foundation set by PSD2, PSD3 is currently in its draft stage and is anticipated to address emerging challenges in digital finance, such as enhancing security measures, extending consumer protections, regulating novel payment services, and improving market access. 

It is also expected to promote greater interoperability and standardization across the industry. With its implementation projected within the next two to three years, PSD3 will be instrumental in shaping a more integrated, innovative, and secure European payments ecosystem, thereby necessitating diligent attention and preparation from stakeholders in anticipation of the forthcoming changes.