Payment Services Directive 2 (PSD2) Compliance
The Payment Services Directive 2 (PSD2) regulates online payment services and providers in Europe. PSD2 enables open banking by introducing Access to Account (XS2A). XS2A allows customers to use the services of third-party providers to access account information or initiate transactions on their behalf. PSD2 gives providers a regulated, open market to compete in, while giving customers more payment options and increased security.
The following list defines some of the goals of PSD2:
- Defining third-party license types: To facilitate XS2A, PSD2 defines two types of third-party providers (TPPs), regulated by National Competent Authorities:
  - Account Information Service Providers (AISPs): Service providers that aggregate and display the customer's online account information for one or more accounts held at one or more account servicing payment service providers (ASPSPs).
  - Payment Initiation Service Providers (PISPs): Service providers that initiate payment transactions on behalf of the customer.
- Increasing customer security: PSD2 includes Strong Customer Authentication (SCA), which is an authentication process that validates the identity of the user of a payment service or a payment transaction. For more information, see PSD2.
- Increasing communication security with TPPs: PSD2 requires TPPs to use electronic Identification, Authentication and trust Services (eIDAS) certificates for electronic signatures and electronic seals. Qualified Trust Service Providers (QTSPs) issue the eIDAS certificates, further ensuring security.
PayPal and XS2A Implementation
PayPal enables XS2A use cases for TPPs through PayPal’s REST stack. Through PayPal's reliable and proven APIs, TPPs can access the same PayPal systems that power all of PayPal's merchant and consumer experiences.
PayPal provides interfaces and necessary documentation for TPPs that explain XS2A use cases like the following:
- Accessing a PayPal user’s account information, such as account balances and transaction history.
- Initiating payments from a PayPal user’s account to another PayPal user.
Are you an AISP or PISP looking to connect to PayPal? Contact us to get access and start testing PayPal’s XS2A implementation.
Here's a list of commonly used PSD2 terms.
| Term | Definition |
|---|---|
| API | Application Programming Interface |
| AISP | Account Information Service Providers |
| ASPSPs | Account Servicing Payment Service Providers |
| EEA | European Economic Area |
| eIDAS | Electronic Identification, Authentication and Trust Services |
| NCA | National Competent Authority |
| PISP | Payment Initiation Service Providers |
| PSD2 | Payment Services Directive 2 |
| QTSPs | Qualified Trust Service Providers |
| RTS | Regulatory Technical Standards on Strong Consumer Authentication and Secure Communication |
| SCA | Strong Customer Authentication |
| XS2A | Access to Account |