
What Is PSD2 and How Does It Affect Me? In Detail

13/09/19

Last year GDPR (General Data Protection Regulation) was brought in. Now Europe is legislating again, this time with a new law that affects banks. The aim of the PSD2 law is to protect citizens even further. This law will come into force this Saturday, September 14th. But what exactly is PSD2 and what effects will it have on your everyday life?

Although its name may mislead us, PSD2 is not the new android that will appear in The Rise of Skywalker, the newest release in the Star Wars saga. PSD2 is the second part of the payment services regulation that came into effect more than 12 years ago, hence the 2 in its name. And what does the acronym PSD mean? It stands for Payment Services Directive.

With the introductions out of the way, let’s get to the subject.


How will PSD2 affect me?

The first thing we will notice as customers is that we will access the mobile app or the bank’s website using our access password plus a code. This code will be sent by SMS to the mobile phone number you have registered. It is therefore important to make sure your data is up to date.

What is the goal of PSD2?

For consumers, the purpose is clear. PSD2 seeks to protect European citizens by adding security to the payments they make and thus reducing the risk of fraud. To achieve this, an extra layer of security will be added to our access to online banking. To log in, we will be asked for our access code, and then a second check will confirm that we are who we say we are.

This second verification factor cannot be another password (something we have memorized). It needs to be something we have, for example a coordinate card or a notification or message to our mobile phone, or something that we are, that is, a biometric test such as facial or voice recognition.


Payment Services Directive 2 also increases the protection of bank customers against fraudulent transactions, limiting to 50 euros the amount that the customer will have to pay in case of fraud or negligence, down from the current amount of 150 euros. In addition, the law bans merchants from making additional charges, both in physical stores and on the Internet, for payment with debit or credit cards. That is, a store cannot charge you more for paying by card.

How does the opening of bank payment services to third parties work?

Perhaps the most interesting fact is the obligation of the banks to open their payment services to third parties, allowing the entry of new actors and promoting competition and innovation, something that will have a positive impact, in one way or another, on our pockets as consumers.

This opening is twofold. On the one hand, banks will be obliged to share all the information related to our movements, balances and accounts with those companies to which we grant access. This will improve our user experience, since financial aggregators will be able to give us our account information accurately. These companies are the ones we know as Account Information Service Providers.

On the other hand, and more interestingly, our bank will have to allow us, through new services, to make payments directly against our bank account. These services may be used by other companies to create new payment experiences. With this capability, the only limit is imagination itself, since it will allow the decentralization of payments, which will go beyond the classic actors and networks. These third parties are what the industry calls Payment Initiation Service Providers.

And how are the banks facing PSD2?

The greatest criticisms come from this double objective I mentioned before. On the one hand, it seeks to guarantee the security of payments by adding new factors to the formula, but on the other it forces the banks to open up the initiation of these payments, which at first sight seems to go against security.

Therein lies the challenge that must be faced. It is not only a challenge at a technological level but also one of the business itself, of innovation and of user experience. The PSD2 law says “what” has to be accomplished, but not “how” to comply. It is the job of the banks themselves to find a magic formula that allows them to comply with the obligations established by the law and that is, in turn, safe and not cumbersome for users.

As I said at the start, once it goes into effect on September 14, you will have to use a two-step verification code to enter your online banking. The use of APIs that allow secure access to information, together with biometrics, will be two very important actors in future compliance with this law.

From here on, we will gradually see new possibilities and services related to our payments that will become part of our day-to-day lives and that, in turn, will meet the security and confidence standards set by the European regulations.

To finish, and following the cinematic analogy with which we started … will we see a new Payment Services Directive in the future that closes the trilogy of payment laws? Undoubtedly, a future PSD3 is more than likely … Perhaps it will not be a third part but a “reboot”, so fashionable lately, but surely we will see new legislative efforts by the European Union.

Alfonso Suárez


Working with smartphones and payments. I have had adventures worldwide and love roller coasters. “Technology is a fundamental part of our daily lives, let’s learn to live with it”.

