- HOME
- Banking & payments
- Payment Service Directive 2 (PSD2) – Definition & Glossary of Terms
Payment Service Directive 2 (PSD2) – Definition & Glossary of Terms
PSD2 or Payment Services Directive 2 is the revised version of the EU directive that was implemented in 2007. This glossary covers the definition of the most important terms of PSD2.
3DS 2.0 (3-D Secure)
3DS is a payment authentication method for online transactions. Card holders must provide additional verification such as a password or a one-time PIN. This protects the buyer’s card from fraud or unauthorized use.
Account Information Service Provider (AISP)
AISP is a third-party service provider who collects an account holder’s information, such as bank balance and transaction history, to provide a consolidated view of the user’s finances or manage multiple bank accounts. Fintech companies, companies providing financial services, and banks can be AISPs. One example, Yodlee Inc. in the UK, which provides bank account information in one screen. When an AISP is integrated with an accounting app like Zoho Books, an account holder can view and reconcile bank statements from multiple bank accounts.
Application Programming Interface (API)
An API is a piece of software that allows two applications to talk to each other. For example, let’s suppose that you want to book a hotel room using the booking.com app on your mobile phone. To book the hotel room, you need to enter the location and dates along with other details. Booking.com connects to the internet and sends a request to its server. Its server then retrieves the relevant data, interprets it, and sends a list of hotels that match the categories you’ve entered back to the booking.com app in your phone. The hotel information is fetched through API.
Card Not Present (CNP)
Card Not Present refers to online payment transactions, where the customer, business owner, and payment card are not all present at the same location. The main objective of PSD2 is to prevent fraud in the CNP process.
European Banking Authority (EBA)
The EBA is a European authority that ensures consistency in regulation and supervision across the European banking sector. For PSD2, they are responsible for issuing Regulatory Technical Standards and guidelines.
European Economic Area (EEA)
The European Economic Area consists of 28 countries. This includes European Union (EU) member states along with Iceland, Liechtenstein and Norway. PSD2 will apply to payment transactions made within the EEA, payments made from the EEA to other countries, and payments from other countries to the EEA, in all currencies.
Electronic Identification, Authentication and Trust Services (eIDAS)
This is a framework for electronic transactions made in the European Single Market. This framework specifically sets standards for electronic identification and trust services. In the PSD2 context, eIDAS sets standards for Strong Customer Authentication (SCA) for remote payments.
Know Your Customer (KYC)
In the context of PSD2, KYC is the authentication required to make secure payments. This done through SCA (Strong Customer Authentication) or Transaction Risk Analysis.
Merchant
A merchant is a business owner or a business that supplies goods or services in exchange for payment (usually card payment). PSD2 ensures that the customer’s Payment Service Provider is secure enough to make payments to their merchants.
Merchant Acquirer
Merchant Acquirers are merchant banks who allow business owners to process and accept card payments.
Merchant Initiated Transaction (MIT)
Merchant initiated transactions are authorised payment transactions that are initiated by the merchant or payee. This requires no intervention from the payer or customer, since their bank account will be directly debited for a fixed or variable amount when the transaction is initiated. This can be a one-time transaction or a recurring transaction.
Payment Initiation Service Provider (PISP)
PISPs are regulated entities like retail banks or third parties, that allow customers to make payments without accessing bank accounts or cards. PSD2 enables authorised PISPs to access customers’ bank accounts through an API to initiate payments. Good examples of PISPs include American Express Payment Services and GoCardless Ltd.
Payment Services Directive 2 (PSD2)
This is the second payment services directive that is applicable in the EU. This directive will regulate payment services and payment service providers in the European Union and European Economic Area. PSD2 will replace the PSD implemented in 2007 which standardised SEPA payments, or bank transfers, made in the European region. PSD2’s objective is to reduce payment fraud and increase competition with an open banking system.
Payment Service Provider (PSP)
In the PSD2 context, a PSP is the entity that enables merchants to accept online payments such as credit card, debit card, or bank transfer (direct debit or SEPA) either with or without a merchant account. PSPs are combinations of payment gateways and payment processors. They partner with banks to enable the merchants to accept payments.
Payment Institution (PI)
In the context of PSD, any payment service provider that follows the PSD regulations are certified as a Payment Institution. Payment service providers like Paypal and Stripe are certified as PIs in Europe.
Regulatory Technical Standard (RTS)
The Regulatory Technical Standard sets the rules based on which PSD2 will be implemented. The European Banking Authority needs to ensure that the RTS is properly developed to meet the objectives of PSD2.
Strong Customer Authentication (SCA)
This is an authentication method that will be used under PSD2 to secure payments. This authentication method uses two of the following three elements to authenticate a payment initiation: 1. something the customer knows (like a PIN or password), 2. something the customer has (like a phone, hardware token, or laptop), and 3. something the customer is (like a finger print or face recognition). Banks will require all payments to have SCA and will decline payments that don’t meet these standards.
Third Party Provider (Payment Service Provider)
TPPs are service providers that allow merchants to accept payments without a merchant account, such as Paypal. TPPs enable customers to access their money to make payments without going through the bank. In the context of PSD2, TPPs must ensure that they meet the specified security standards and can provide consumer data in accordance with the PSD2 regulation.