Payment Services Directive 2 (PSD2) Compliance

DocsCurrentLast updated: October 12th 2021, @ 6:58:00 pm


The Payment Services Directive 2 (PSD2) regulates online payment services and providers in Europe. PSD2 enables open banking by introducing Access to Account (XS2A). XS2A allows customers to use the services of third-party providers to access account information or initiate transactions on their behalf. PSD2 gives providers a regulated, open market to compete in, while providing customers more payment options and increased security.

PSD2 goals

The following list defines some of the goals of PSD2:

  • Defining third-party license typesTo facilitate XS2A Account Access, PSD2 defines two types of third-party providers (TPPs), regulated by National Competent Authorities:

    • Account Information Service Providers (AISPs): Service providers that aggregate and display the customer's online account information of one or more accounts held at one or more account servicing payment service providers (ASPSPs).
    • Payment Initiation Service Providers (PISPs): Service providers that initiate payment transactions on behalf of the customer.
  • Increasing customer securityPSD2 includes Strong Customer Authentication (SCA), which is an authentication process that validates the identity of the user of a payment service or a payment transaction. For more information, see PSD2.

  • Increasing communication security with TPPsPSD2 requires TPPs to use electronic Identification, Authentication and trust Services (eIDAS) certificates for electronic signatures and electronic seals. Qualified Trust Service Providers (QTSPs) issue the eIDAS certificates, further ensuring security.

PayPal's XS2A implementation

PayPal enables XS2A use cases for TPPs through PayPal’s REST stack. Through PayPal's reliable and proven APIs, TPPs can access the same PayPal systems that power all of PayPal's merchant and consumer experiences.

PayPal provides interfaces and necessary documentation for TPPs that explain XS2A use cases like the following:

  • Accessing a PayPal user’s account information, such as account balances and transaction history.
  • Initiating payments from a PayPal user’s account to another PayPal user.

Contact us

Are you an AISP or PISP looking to connect to PayPal? Contact us or Register as a third-party provider with PayPal. After registering with us, we will verify your TPP License Certificate, enable PayPal XS2A Scopes on your REST Client ID, and email your TPP registered email address. You can start integrating and testing PayPal XS2A to Go Live.

Interface performance

PayPal's XS2A interface leverages PayPal's high-performance REST API stack to ensure best performance and availability for TPP access. Download this datasheet to review PayPal’s interface performance data.

PayPal UK Ltd under the payment services regulations

From 1 November 2023, PayPal UK must also publish information on the performance and availability of dedicated interfaces for third party access. Download this datasheet to review PayPal UK Ltd’s interface performance data.

PSD2 glossary

Here's a list of commonly used PSD2 terms.

TermDefinition
APIApplication Programming Interface
AISPAccount Information Service Providers
ASPSPsAccount Servicing Payment Service Providers
EEAEuropean Economic Area
eIDASElectronic Identification, Authentication and Trust Services
EUEuropean Union
NCANational Competent Authority
PISPPayment Initiation Service Providers
PSD2Payment Services Directive 2
QTSPsQualified Trust Service Providers
RTSRegulatory Technical Standards on Strong Consumer Authentication and Secure Communication
SCAStrong Customer Authentication
TPPsThird-Party Providers
XS2AAccess to Account