General Banking
Payment Services Directive 2
PSD2 (the Second Payment Services Directive) is a European Union regulation that governs electronic payments across the European Economic Area. Enacted in 2018, it replaced the original PSD and introduced two major changes: mandatory Strong Customer Authentication (SCA) and the requirement for banks to open account access to licensed third-party providers (open banking).
PSD2 creates two new categories of regulated providers: Account Information Service Providers (AISPs), which can read account data with the customer's consent, and Payment Initiation Service Providers (PISPs), which can initiate payments directly from a customer's bank account. Banks must provide secure APIs for these providers to connect to. SCA requires at least two independent authentication factors (something you know, have, or are) for most electronic payments, including SEPA transfers and online card transactions.
PSD2 fundamentally reshaped European payments by breaking banks' monopoly on account access. It enabled fintech applications that aggregate accounts from multiple banks, initiate payments without cards, and offer new financial services. The regulation is overseen at the EU level and implemented nationally alongside standards set by the European Payments Council. Its successor, PSD3, is currently being developed to address gaps in fraud prevention and extend open banking further.
Back to all terms.