PSD2 Payment Services Directive
European Union
2015
Payments
Overview
Key Obligations
- Banks must provide regulated third parties access to customer payment accounts via APIs
- TPPs must be licensed and authorized under national competent authorities
- Strong Customer Authentication (SCA) is mandatory for most electronic transactions
- Consumers must be protected against unauthorized transactions with clear liability rules
- All payment service providers must report major security incidents and fraud metrics
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Identity Verification
Use facial match and liveness checks paired with government ID verification to validate users while onboarding.
One Touch KYC
Launch global KYC flows with built-in document OCR, liveness checks, deepfake detection, and AML, all through a single, customizable dashboard.
AML Screening
Screen users against Politically Exposed Persons (PEP), watchlists, sanctions lists, adverse media, and more through one-time screening and advanced monitoring.
FAQ
Who is impacted by PSD2?
Banks, payment institutions, fintech platforms, merchants, and TPPs offering financial services within the EU and EEA.
What is Strong Customer Authentication (SCA)?
It is a security requirement using two or more factors (e.g., password, phone, biometrics) to verify customer identity.
How does PSD2 support open banking?
It obligates banks to share customer account data with licensed third parties when customers give consent.
Is PSD2 still valid after Brexit?
The UK implemented PSD2 in 2018, but it now follows its own regulatory path post-Brexit via the UK Payment Services Regulations.