PSD2 – The basic payment standard in Europe

What is PSD2?

PSD2 or “Payment Services Directive 2” is the basic standard for payments in the European Union. The reason for the 2 is that it is an update of the previous PSD1, which was, back in 2007, the first European directive on payment services.

PSD2 was approved in 2015, and contains regulations for consumers as well as for merchants and financial institutions, such as PaynoPain. The aim of PSD2 is to unify the payments market in Europe, encouraging innovation and technological development in the financial sector while improving the protection of consumers of fintech services.

European Union directives must be transposed into the national law of the member states in order to be effectively applied. In Spain, PSD2 is transposed into Spanish law by Royal Decree Law 19/2018 on payment services.

The payment services regulated in Royal Decree Law 19/2018 are as follows:

• The deposit of cash into a payment account
• The withdrawal of cash from a payment account
• The execution of payment transactions
• The issuance of payment instruments
• Acquiring payment transactions
• Sending money
• Payment initiation service
• Account information service

Key changes in PSD2

PSD2 has two main pillars: payment method innovation and security. To meet these and its innovation objectives, PSD2 develops the following:

• Minimum authentication requirements: also known as SCA (Strong Customer Authentication), which obliges the user to use a two-factor authentication when carrying out payment transactions. This strong authentication will be required when the consumer enters their bank card details on any website to make future payments (e.g. subscription-based streaming services) and when making a purchase from an online retailer located in the European Union.
• New regulated services: PSD2 introduces two new payment services to accommodate consumers’ preferences and ensure that they can access the new services with full guarantees. These services are:
  • Payment Initiation Service (PIS): which allows transactions to be ordered between the consumer’s account and the merchant’s account via an API between their online banking services, remotely completing the necessary information for the transfer.
  • Account Information Service (IAS): used to collect, store and organise information from different accounts of the same consumer in a centralised manner.
• Opening by all institutions, including banks, of their online environments to other institutions and third parties. This development is key to the entry of new players in the market, especially companies that provide the services mentioned above, as they will be able to connect, usually via APIs, to consumers’ online banking (always with their authorisation) without their bank being able to block them.

What is an API?

An API (Application Programming Interface) is software that acts as a communication bridge between the bank and the various service providers (Third Party Providers) authorised by the consumer. APIs enable secure communications between all parties, guarantee the confidentiality of consumer data and certify the security of all transactions.

PaynoPain and PSD2

PaynoPain is an innovative company committed to the spirit of PSD2. As a licensed entity supervised by the Bank of Spain, PaynoPain complies with the requirements of PSD2 through the Spanish regulations transposing the standard into Spanish law.

Compliance with PSD2 regulations, as well as with PCI-DSS standards, allows PaynoPain to ensure maximum confidentiality of its customers’ and users’ data and transaction information.