Payment Services Directive 2 (PSD2) Compliance
DocsCurrentLast updated: October 12th 2021, @ 6:58:00 pm
The Payment Services Directive 2 (PSD2) regulates online payment services and providers in Europe. PSD2 enables open banking by introducing Access to Account (XS2A). XS2A allows customers to use the services of third-party providers to access account information or initiate transactions on their behalf. PSD2 gives providers a regulated, open market to compete in, while providing customers more payment options and increased security.
The following list defines some of the goals of PSD2:
Defining third-party license types—To facilitate XS2A Account Access, PSD2 defines two types of third-party providers (TPPs), regulated by National Competent Authorities:
- Account Information Service Providers (AISPs): Service providers that aggregate and display the customer's online account information of one or more accounts held at one or more account servicing payment service providers (ASPSPs).
- Payment Initiation Service Providers (PISPs): Service providers that initiate payment transactions on behalf of the customer.
Increasing customer security—PSD2 includes Strong Customer Authentication (SCA), which is an authentication process that validates the identity of the user of a payment service or a payment transaction. For more information, see PSD2.
Increasing communication security with TPPs—PSD2 requires TPPs to use electronic Identification, Authentication and trust Services (eIDAS) certificates for electronic signatures and electronic seals. Qualified Trust Service Providers (QTSPs) issue the eIDAS certificates, further ensuring security.
PayPal's XS2A implementation
PayPal enables XS2A use cases for TPPs through PayPal’s REST stack. Through PayPal's reliable and proven APIs, TPPs can access the same PayPal systems that power all of PayPal's merchant and consumer experiences.
PayPal provides interfaces and necessary documentation for TPPs that explain XS2A use cases like the following:
- Accessing a PayPal user’s account information, such as account balances and transaction history.
- Initiating payments from a PayPal user’s account to another PayPal user.
Are you an AISP or PISP looking to connect to PayPal? Contact us or Register as a third-party provider with PayPal. After registering with us, we will verify your TPP License Certificate, enable PayPal XS2A Scopes on your REST Client ID, and email your TPP registered email address. You can start integrating and testing PayPal XS2A to Go Live.
PayPal's XS2A interface leverages PayPal's high-performance REST API stack to ensure best performance and availability for TPP access. Download this datasheet to review PayPal’s interface performance data.
PayPal UK Ltd under the payment services regulations
From 1 November 2023, PayPal UK must also publish information on the performance and availability of dedicated interfaces for third party access. Download this datasheet to review PayPal UK Ltd’s interface performance data.
Here's a list of commonly used PSD2 terms.
|Application Programming Interface
|Account Information Service Providers
|Account Servicing Payment Service Providers
|European Economic Area
|Electronic Identification, Authentication and Trust Services
|National Competent Authority
|Payment Initiation Service Providers
|Payment Services Directive 2
|Qualified Trust Service Providers
|Regulatory Technical Standards on Strong Consumer Authentication and Secure Communication
|Strong Customer Authentication
|Access to Account