easy portal contact
Language Switch

BLOG

PSD2 – What is behind it?

Banks have faced a new challenge when it comes to managing personal data. Since 2018, countries of the European Union have been obliged to implement the Payment Services Directive 2, or PSD2 for short.

Max. Reading time 14min
Last updated on February 2025

This directive was already adopted two years ago, but only has to be transposed into national law since the beginning of the year. Banks now have to meet the requirements laid down in the directive. The following PSD2 summary in this article is intended to show exactly what is described.

Until now, banks in Europe have been in a comfortable position when it comes to the management and use of customer data: they alone had the sovereignty over account information. For decades, therefore, not much has changed in the banking sector, even though there have been some innovations with technical innovations such as apps and contactless payment. Customers often remain loyal to the bank of their choice throughout their lives. The aim of the directive is to make European payment transactions safer and more convenient for customers, while at the same time creating more competition. One of the aims is to make bank data more open. This may not sound very impressive at first, but it could completely change money transactions.

PSD2 gives FinTech companies better market access

However, the European Commission hopes that the new regulations will also give smaller and innovative service providers, the FinTechs, better access to the financial market and its customers. This is because up to now it is mainly big banks that have been dominating the international and European financial markets.

Until the PSD2 directive came into force, the house banks alone had insight into the payment behaviour and creditworthiness of their customers, for example monthly direct debits. Until now, banks have often not made use of this. Now bank customers can decide for themselves how much they want to protect their own data and to whom they want to grant insight in order to be able to use new services in return. And this not only applies to their own bank, but also to external providers of financial services. The aim is to make banking transactions more convenient for customers – be it payment via the Internet or the management of their accounts.

Summarized in short form PSD2: PSD2 stipulates that banks must grant third-party providers access to customer accounts and data, so that authorised organisations and FinTechs can in future offer their services more easily to private customers – be it construction financing or insurance. Such services are connected via technical interfaces (APIs).

For example, if you have two accounts at two different banks, you should be able to manage and analyse both accounts via a third-party provider: According to the new directive, FinTechs operating such platforms will be allowed to link both accounts, so that the customer does not have to log in via the website of the respective banks, but can use an app, for example. There will also be new providers in the online payment market.

But there are also very tangible aspects, concerning the simplest data that banks have already had to provide since last year: This includes the exact location of the individual branches, details and comparison possibilities of individual products, but also where there are branches with disabled access.

But what are the concrete benefits of the PSD2 Directive – a summary

1. money management

Let’s stick to the example mentioned above: Let’s assume a customer has accounts or credit cards at two or three different banks. Until now, the customer had to look at each of these accounts separately because the banks’ individual systems were not compatible with each other. PSD2 now allows customers to view and compare them all at the same time in one system, for example using an app. This gives banks and financial service providers the opportunity to develop appropriate applications. Typically, these would be dashboards that provide an overview of incoming and outgoing payments. In the UK, for example, HSBC has released such a beta app to 10,000 customers.

But the possibilities go even further: For an invoice that the customer wants to pay online, for example, he can then see and evaluate the respective options for all three banks. Who charges what fees for the service? The customer can decide for himself which option he chooses – based on transparent data.

2. credit system

If you want to borrow money from a bank, you have to prove that your finances are good and that you are a reliable customer. PSD2 theoretically allows you to provide this information online, for example by giving investors one-time access to income and expenses for the last 12 months. There were providers that made this possible even before PSD2. However, until now it was necessary to release the login details for the respective account. PSD2 also enables small and medium sized companies to develop tools and apps that allow customers to share this data with third party providers without having to grant them direct access to the respective account (including passwords).

3. payment

The current payment system is indeed very complicated. One example: When someone orders a book on Amazon, the seller first contacts a provider such as WoldPay or Global Payments as an intermediary, who in turn contact Visa or MasterCard and debit the amount from the corresponding account. By opening bank details, it is possible to make the payment directly from a bank account, which is faster and – since it eliminates an intermediary – also cheaper. The bank authenticates the purchase without involving a third party organisation.

PSD2 promotes the security of customer data

Customers have a right to privacy and data security, even if they allow third parties to access their account. The PSD2 policy summary requires special security measures. The APIs that are used are trustworthy and the law requires account providers to provide authentication that allows both the user and the service to be reliably and securely identified: Two-factor authentication is required for payment processing and account access. This so-called open banking is therefore at least as secure as any other online banking – provided that the financial service providers have done their homework.

An API Economy changes business strategies of banks

The key question for banks with the new PSD2 directive is: How can added value be created by cleverly using an API Economy? Banks are currently exploring ways to leverage open APIs (Application Programming Interfaces) to expand and change their business model.

An API Economy places new demands on banks’ business strategies, their revenue streams and profitability. In the future, leading banks will have a clear focus on their customers and the market and will collaborate with other organizations to strengthen their market position – through increased use of digital technology platforms or tools that support their specific business strategy. Open Banking and an associated API Economy will enable new products and services through collaboration between different business units within the bank, with other banks across different industries, and between banks and other related business sectors, particularly companies active in the technology and data sectors.

PSD2 as a framework for an API Economy for banks

Banks that are either based in or operate from the European Union will develop their API Economy under the EU Payment Services Directive 2 (PSD2), which will come into force in the member states in January 2018. Basically, the directive requires banks to allow third party providers access to their customers’ online payment services and account information if customers so request – and to do so in a legally regulated and secure manner.

This does not mean, however, that banks outside the EU have remained passive when it comes to establishing an API Economy. In North America, for example, collaborations and partnerships are developing between players from different industries, FinTechs and other organizations to drive innovation in banking products and services. For example, Citi, Capital One and MasterCard have established exchanges with API developers to enable external developers to deliver new innovative products that benefit their customers. Other vendors such as Braintree and PayPal have developed APIs to simplify integration into e-commerce websites and to establish themselves in the marketplace.

Summarized in short form PSD2: PSD2 requires banks to give third parties access to customer accounts and data so that authorised organisations and FinTechs can more easily offer their services to private customers – be it construction financing or insurance. Such services are connected via technical interfaces (APIs).

For example, if you have two accounts at two different banks, you should be able to manage and analyse both accounts via a third-party provider: According to the new directive, FinTechs operating such platforms will be allowed to link both accounts, so that the customer does not have to log in via the website of the respective banks, but can use an app, for example. There will also be new providers in the online payment market.
But there are also very tangible aspects, concerning the simplest data that banks have already had to provide since last year: This includes the exact location of the individual branches, details and comparison possibilities of individual products, but also where there are branches with disabled access.

What is the concrete impact of the API Economy on the banking sector?

Banks serving either retail customers or small and medium-sized enterprises in Europe will be forced by the PSD2 to take one or both of the following steps.

1. customer data, which were previously only accessible to banks, will be made available to authorised third parties

PSD2 will force banks to provide certain information they have about their customers to third parties that are Account Information Service Providers (AISPs). These AISPs, once authorized, will be given access to customer data for commercial purposes. The idea is for AISPs to provide other banks and financial institutions with sufficient data to promote competition, increase product innovation and improve customer service. Banks can try to meet these challenges themselves or join forces with partners in trying to monetize customer data in new ways.

2. banks can develop new services for how customers’ payment transactions are processed and charged

PSD2 allows so-called Payment Initiation Service Providers (PISPs) to provide customers with alternative payment mechanisms that are directly linked to the bank account. This can lead to the elimination of existing card payment networks and associated fees. This is good news for vendors, as it should reduce the cost of fees when customers choose a PISP-based payment instead of an EC or credit card payment. It also eliminates transaction risks and ensures that funds are released more quickly.

If this also applies to large providers such as Amazon, it could lead to the elimination of fees altogether in the future, which could have a significant effect on bank revenues. Banks serving small and medium sized businesses will also come under pressure to open up to API technology.

Many companies are already frustrated that corporate banks are so slow to harmonize their services so that they can seamlessly integrate into increasingly digital supply chains. There is also a lack of interface standards across different banks, making connectivity difficult. APIs not only provide a solution to these problems, but also allow banks to more easily accommodate and promote third-party services.

New players in an API economy

The rise and establishment of an API economy will bring a whole range of new players to the financial market. These will take very different forms, some of which are already beginning to establish themselves on the market:

1. new banks as challengers

New banks entering the market with a more customer-focused approach, linking customers with their own products and services as well as with those of other providers. Their banking platforms and business models are called “API first” and they operate more like FinTechs than traditional banks.

2. financial technology companies, in short FinTechs

They specialise in certain banking products, but have a model that is much more transparent and less costly for customers.

3. technology giants like Facebook, Apple, Google or Samsung

They are interested in gaining access to open APIs to enhance their own customer data, customize their marketing strategies, customize their products and services, and strengthen their brand presence. Three of these technology giants (Apple, Google and Samsung) have already entered the world of payment systems, for example by offering their customers appropriate credit cards.

4. service sector without direct link to financial services

Service companies, such as utilities, could expand their services and offer services usually reserved for banks in order to increase their revenues and better monetize existing customer data.

5. Aggregators

Aggregators will also use both PISP and the AISP aspects of the PSD2 policy to develop services such as Personal Financial Management (PFM) tools. Current aggregators on the market, already collect simple product information and offer corresponding simple budget planning software for retail customers.

6. payment service providers (PSPs) and card networks

They will both be affected positively and negatively by PSD2. The idea behind PSD2 is to increase competition and reduce transaction costs for both customers and businesses. Providers such as WorldPay and credit card networks such as Visa and MasterCard will experience a slump in sales because the cards are used less. They will therefore look for new models, such as PISP and AISP, and offer new payment methods and mechanisms. Some – like PayPal – already offer such services, allowing direct account-to-account payments.

Enterprise Resource Planning (ERP) provider

They can also take advantage of the PSD2 directive by strengthening the link with their clients and providing new products tailored to their clients and for example specific tax issues, cash management or forecasting activities.

Traditional banks could establish 100% digital subsidiaries that are independent of the parent company’s existing legacy IT infrastructure. This is already the case in France, for example.

What role remains for banks in an API economy?

Ultimately, banks have two strategic options: They could operate as service providers, providing products and services to other banks and third parties, or they could evolve and become a lifetime partner for customers. They could thus move into the epicenter of a new, customer-focused banking sector by opening up in a timely and proactive manner to an API Economy – away from the previous, closed and inflexible banking system. Opening up to third-party providers will allow banks to take on a whole new role, as platform solutions for financial products and services are expected to become the norm in the coming years.

related articles

Capturing invoices in SAP – how it simply works better

Invoices reach your company in many different forms: sometimes still on paper, often as PDFs and, from 2025, as e-invoices. Invoice capture in SAP naturally handles the processing of these vendor or supplier invoices in an elegant way

READ MORE

AI and Strategic Decisions: From Automation to Decision-Making

Digital transformation is entering a new era with the rise of artificial intelligence (AI), reshaping how businesses manage and use information.

READ MORE

DMS trends 2025: AI in document management

What does the near future hold for document management (DMS)? The answer is clear: digital will continue to dominate, but now it will be accelerated by AI. Discover how these technologies can revolutionize the way you work

READ MORE
Newsroom Media Library Glossary