What is PSD2?

What are the most important things in PSD2?

From a consumer viewpoint, two of the most important things in PSD2 are:

• Better security when logging in through strong customer identification
• Opportunities for new financial services derived from Open Banking

PSD2 and strong customer authentication

Making electronic payments safer for consumers and minimising the risk of fraud – those are the ideas behind the PSD2’s strict security requirements for electronic payments. Payment service providers, such as banks, are therefore obliged to use so-called strong customer authentication (SCA) when a payer starts an electronic payment transaction – for instance, when you buy something online.

Strong customer authentication is needed to check whether you are really you and whether you have the right to carry out the electronic payment you are about to do.

What is two-factor authentication?

Strong customer authentication is done through a process called two-factor authentication. Two-factor authentication is when you use at least two independent elements to prove your identity.

These independent elements are either something you know, such as a password or a PIN, something you own, such as a mobile phone or a code-generating device, or something which is a part of you such as your fingerprint, your face or your voice. 

The aim is to minimise the risk of fraud and identity theft.

Most popular two-factor identification methods in the Nordics

One of the most prevalent ways of two-factor authentication is mobile phone apps such as:

• BankID/mobilt BankID (Sweden)
• MitID (Denmark)
• BankID (Norge)
• NordeaID and Mobiilivarmenne (Finland)

PSD2 and Open Banking

Open Banking is the practice of providing access to financial services, like for example your bank account information and payments, to other providers than your bank. Open Banking allows the networking of accounts and data across institutions for use by you as a consumer, other financial institutions than your bank and third-party service providers. All based on your consent.  

PSD2 strengthens the opportunities for open banking in the EU. More specifically, PSD2 regulates account information services and payment initiation services.

• Account information services mean accessing your bank account information from other places than your bank. An example: You have bank accounts in several banks, and you can now see all of the accounts in the same mobile app or online bank as the information is connected. The advantage to you as a consumer is that account information services can give you a much better overview of your financial situation.
   
• Payment initiation services mean paying from your bank account, but not through your own bank’s internet bank or mobile app.  An example: You buy something online and authorise the withdrawal of money from your bank account without opening your own bank’s online services. Instead, the website where you are shopping uses a third-party payment service. You don’t need to use a credit card either.

API – application programming interface

All this demands the exchange of data in real time to create a smooth customer experience, which is enabled by the use of so-called APIs. API stands for application programming interface, and it is an interface which can connect different IT systems, for instance from two different banks, and make them exchange information.