What online businesses need to know about PSD2 bank payments

In September 2019, a new EU payment directive and its technical standards came into full effect – PSD2.

One of the most crucial changes is that it provides a strong legal framework for payment initiation from consumer bank accounts. Companies providing this kind of bank payments have seen strong growth over many years. PSD2 is a reaction to this, codifying rules to clarify the prerequisites and in effect support further growth as well as making sure existing and new providers comply with high security and consumer protection standards.

These payment companies are now called Payment Initiation Service Providers (PISPs) and require license. Previously, there has been some uncertainty in some markets, resulting in PISPs not being able to access accounts in all banks. With PSD2, all banks are required to allow and support PISPs to initiate payments.

The main changes brought by PSD2 for bank payment initiation services can be divided into two areas:

1. New bank requirements

2. New requirements for bank payment companies (PISPs)


1. Bank Requirements

There are two methods for banks to allow PISPs to initiate payments from bank accounts:

API (Application Programming Interface)

PISP connects through API – a technical specification/set of rules on how software components interact, allowing systems of different companies to work together efficiently

MCI (Modified Customer Interface) 

PISP connects through a modified version of the consumer online bank/customer portal. The PISP needs to be able to identify itself toward the bank

These two type of connections can be offered separately or in combination by banks, resulting in 3 potential combinations - API only, MCI only or combination of both. The options for a bank to achieve one of these combinations are described below.

Would you like to find out more about our insights on PSD2? Get our PSD2 report HERE.

  • financial services