• Skip to primary navigation
  • Skip to main content
  • Skip to footer
CUBE announces its acquisition of The HubCUBE announces its acquisition of The HubCUBE announces its acquisition of The Hub

CUBE global

  • Products
        • RegPlatform product overviewOur enterprise product, providing regulatory intelligence for large, global financial institutions looking to tackle complex compliance.
        • RegAssure product overviewOur highly intuitive, seamless compliance product, that grows with your small or medium sized business.
        • View all products
  • Solutions
        • PrivacyGlobal governance for data privacy regulations, the world over
        • RecordsHolistic oversight of ever-growing regulations for records
        • CybersecurityAutomated workflows for up to date, relevant data on cyber
        • Technology riskEffective policies and controls to mitigate technology risk
        • Financial crime and AMLWatertight audit trails to show risk-based rationale
        • View all solutions
  • Resources
        • Resource hubLifting the lid on financial services, compliance, and regulation
        • Read

        • Case Studies
        • Blog posts
        • Reports
        • Brochures
        • Find

        • Compliance Corner
        • Compliance Confessions
        • ESG Conference
        • CUBE’s regulation game
        • Listen

        • Videos
        • Webinars
        • Podcasts
  • Partners
        • Advisory and consulting partnersEnhance your regulatory compliance offering with the entire suite of CUBE regulatory data.
        • Integration partnersCompliance is complex enough without over-complicated integration procedures.
        • Technology partnersAdd value to existing customer applications with a unified window into regulatory intelligence.
        • Partners overview
  • About us
        • About usThe story of who we are, how we got here and why we’re exceptionally proud of what we do
        • TeamThe visionaries and leaders powering CUBE’s success
        • NewsThe latest news from CUBE
        • CareersOur movement to transform regulatory data into regulatory intelligence
        • ContactWant to know more? Get in touch
  • Request a demo
Customer login
Home » Resources » What is the Payment Services Directive 2 (PSD2)?

Estimated reading time: 4 minutes

What is the Payment Services Directive 2 (PSD2)?

The second version of the Payment Services Directive (PSD2) is a European Union framework for safer online payments. 

Introduced in 2016, the directive’s purpose is to help customers feel more secure when using online payment and open banking technology, and make the actions of payment service providers fairer, while also holding them accountable.

What is PSD2?

This is the second iteration of the payments services directive, which was introduced in January 2016. Its purpose is to make the open banking and payments industry better on behalf of the customer. This focus is on increased security, visibility and innovation. 

The first iteration of PSD was introduced in order to stimulate competition among European banking and payments providers, as well as to accelerate development. 

Now, the introduction of PSD2 has three new targets to better the payments services industry as it expands on previous legislation. These are: 

  • increasing the rights of customers 
  • reducing fraud through extra security measures
  • introduction of third party payment providers for better integration

Features of PSD2

Each of the features of this PSD2 regulation has a number of mechanisms driving its success. 

Customer rights

When looking at customer rights, the SCA looks specifically at how complaints are handled, or whether consumers are being treated fairly. For example, financial institutions have no longer got the ability to add surcharges to credit cards, debit and prepaid cards as this is unfair to the consumer. 

In this case, compliance with frameworks such as PSD2 are a huge advantage, since the financial institution is able to build more trust with its customers. 

Moreover, customers are able to make more informed decisions with features like the terms and conditions being clearly visible and the T&C approval as part of the process. PSD2 looks to increase transparency through complaints handling and reporting, with the publishing of a new framework and guidelines on how to report to the authorities. 

Funds for electronic payments are sometimes allowed to be earmarked, which means an estimated amount is taken from the account holder before the true amount is later charged. But this sometimes leaves customers without access to the money that they would eventually have. 

Therefore, while pre-authorisation is still allowed, financial institutions are required to adhere to strict deadlines in order to free up the earmarked money as soon as possible.

Increased security

A large part of the innovation factor around PSD2 is the two-factor authentication around payments. This requires two out of the following multi-factor authentication methods:

  1. Knowledge: such as a password, or account retrieval questions
  2. Possession: such as a passcode to your phone
  3. Inherence: something unique to the owner, such as a fingerprint

There are certain exemptions, such as face-to-face contactless card payments and transactions under €30, which are strong authentication on their own. However, the overall purpose of this extra account information feature is to reduce instances of fraud.

Third-party payment providers (TPPs)

Finally, there is a huge focus on integration with new technology as part of the third-party provider feature. This requires the nine biggest banks to create their own APIs so that independent providers can create and link their new services.

It may sound like the new financial service provider is essentially piggybacking off their customer base, but remember that the regulation also applies to them.

Therefore, any new services would be approved by the regulators, and in keeping with the theme of this regulation, would be created to benefit the payment service user and protect financial data. The aim is to increase customer visibility and control. 

Who must comply?

Financial institutions, specifically the payment service provider, are the primary focus of PSD2. The directive also sets out a legal framework on the consumer protection side, spanning across each of the nations that are inside of the European Economic Area. 

Fundamentally, PSD2 compliance means a focus on Strong Customer Authentication (SCA) requirements, which largely focus on the Know Your Customer framework and two-factor authentication (2FA). Moreover, tokenisation and the dynamic linking of payments have enabled further customer protection through the anonymisation of data.


In order to remain compliant with PSD2 and evolving regulations across the banking and payments industry, build your compliance from the ground up with CUBE. 

Speak to the team

Related resources
View all articles
What is RegTech
Compliance Corner

What is RegTech?

What is hemp banking and what regulations are there
Compliance Corner

Hemp Banking

Find out all about the UK's Big Bang 2.0 financial regulation
Compliance Corner

UK government Big Bang 2.0

current US ESG regulations blog
Compliance Corner

What are the current US ESG regulations?


Want CUBE updates and latest industry news sent straight to your inbox?

Footer

Add CUBE logo here

  • Products
    • Partners
    • Solutions
  • Resource hub
    • Blogs
    • Reports
    • Brochures
    • Compliance Corner
    • Webinars
    • Podcasts
    • Videos
  • Behind CUBE
    • About us
    • Meet the team
    • Careers
    • News
    • Contact us
  • The legal bits
    • Privacy policy
    • Cookie policy
    • Terms of use
    • Accessibility
Follow us:
  • LinkedIn
  • Twitter
  • YouTube

© 2023 CUBE Content Governance Global Limited

  • English
  • US

envelope

Want CUBE updates and latest industry news sent straight to your inbox?

Sign up to our Newsletter here