PSD2 explained

PSD2, also known as the revised Payment Service Directive,  is a piece of legislation designed and used by countries of the European Union to govern their electronic payment services and payment service providers.  PSD2 replaced the first Payment Services Directive in 2015, was applied to all member states of the EU in January 2018, and was fully brought into the national laws by  EU member states in January 2021. As the main aim of PSD1 implementation was to establish uniform rules for the delivery of modern payment services and the creation of a single  EU market for payments,  PSD2 seeks to further modernize and integrate payment services to reach complete harmonization of the unified EU payments market.  Also, PSD2 includes some important changes made to reflect developments in payment technology and to reduce security, data, and fraud concerns. PSD2 with the principal goals to improve consumer protection, reinforce security in the payments market, boost competition and facilitate innovation in the sector, introduces some important new changes, including forcing payment services providers to improve customer authentication processes and widening the regulatory net to cover services that have access to a consumer’s bank account but are not the account service provider. To put it differently, PSD2 was designed to introduce higher security standards for online payments, bring in new regulations around third-party involvement,  give consumers more and better choices in the EU payment market and make them more confident when buying online. The application of the new directive means that entities that supply payment services within the EU, as well as in and out of it,  have to fully comply with the PSD2 requirements, including RTS.

What is RTS under PSD2?

Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication, also known as RTS on SCA & CSC, are implementation requirements for payment service providers to achieve the objective of the PSD2 of ensuring consumer protection, promoting innovation and competition, and enhancing the security of payment services. In other words, RTS is a set of technical compliance standards developed by the European Banking Authority that need to be met by all payment service providers to fully comply with the PSD2. RTS defines concrete specific security measures only addressed through general objectives in PSD2 to ensure effective and secure communication between the relevant parties and boost consumer protection. These standards are directly applicable in the member states of the EU and do not have to be brought into national law, unlike PSD2.  Firstly, RTS describes the principles of SCA to ensure customer protection by increasing levels of security of e-payments as required under PSD2. These principles require the adoption of certain security elements, including those provided under eIDAS, that payment service providers must observe when they process payments or provide payment-related services to prevent financial fraud and theft. Also, PSD2 RTS defines exemptions from SCA for specific cases based on the transactional amount, risk,  reliability of payee, and other features to ensure the balance between security and speed of payments. To reach PSD2’s objective to bring more competition and innovation in the payment market, RTS includes two new types of payment services, the payment initiation services, and the account information services. Common and Secure Communication requirements, as defined in RTS, ensure the establishment of open and standard communication channels between all parties – Account Information Service Providers or AISPs,  Payment Information Service Providers or PISPs, banks, payees, payers, and other service providers as per PSD2. PSD2 RTS ensures adequate security by regulating how the access to the customer’s account is shared between the bank and the AISP or PISP and places AISPs and PISPs on the same level playing field as other financial institutions.  Overall, RTS harmonizes the information requirements in the authorization process across the EU and facilitates the application process, ensuring a level playing field in a rapidly changing market environment for all payment service providers, including new third-party providers brought into play by PSD2. Find out more about PSD2 RTS: