Roqqett Blog

June 13, 2024
Author: Patrick McDill

Understanding the Revised Payment Services Directive: What You Need to Know

Learn the essentials of PSD2, its impact on payments, and how it differs from PSD1. Stay compliant and secure.

Quick Summary

  • PSD2 enhances consumer protection by introducing Strong Customer Authentication (SCA) and other security measures.
  • The directive promotes innovation and competition by allowing third-party providers to access payment services and data.
  • PSD2 has significant implications for e-commerce, particularly in terms of increased security for card-not-present transactions.
  • Businesses need to make necessary technological investments to comply with PSD2 requirements, including data protection and privacy measures.
  • The future of payment services is evolving, with PSD3 expected to bring further regulatory changes and challenges.


The Revised Payment Services Directive (PSD2) is a European regulation introduced in 2009 aimed at improving the payments landscape across Europe. All businesses dealing with payments in Europe need to be aware of PSD2 regulation. This article will walk you through the essentials of PSD2, how it compares to PSD1, and how it has changed the payment landscape.

Key Objectives of the Revised Payment Services Directive

The Revised Payment Services Directive (PSD2) was introduced to address the evolving landscape of payment services and to ensure a more secure and competitive environment within the European Economic Area (EEA). PSD2 sets a framework for redefining the European payments ecosystem by driving innovation and enhancing consumer protection.

Enhancing Consumer Protection

One of the primary objectives of PSD2 is to enhance consumer protection. The directive obligates all payment processors and digital banking providers to utilize multi-factor authentication for user login. This measure significantly reduces the risk of fraud and unauthorized transactions, providing consumers with greater peace of mind.

Promoting Innovation and Competition

PSD2 encourages innovation and competition by facilitating new market entrants, such as third-party providers of account information and payment initiation services. This open banking approach allows consumers and businesses to view and execute their banking and transaction activity in a unified manner across the EEA, fostering a more dynamic and competitive market.

Improving Security Measures

Improving the transparency and security of payment services is another key objective of PSD2. By setting stringent security requirements, the directive aims to protect sensitive financial data and ensure secure transactions. This not only benefits consumers but also helps build trust in the digital payment ecosystem.

Comparing PSD1 and PSD2

Major Differences

The first Payment Services Directive (PSD1) was adopted in 2007 to establish the legal foundation for an EU single market for payments. PSD2, approved in 2015, introduced significant updates to ensure consumer protection across all payment types and foster a more open, competitive payments landscape across Europe. One of the major differences between PSD1 and PSD2 is the regulation and harmonization of Payment Initiation Services (PIS) and Account Information Services (AIS), which have become more popular in recent years.

Impact on Payment Service Providers

PSD2 has had a profound impact on payment service providers by opening up the market to new players and increasing competition. This has led to the emergence of innovative payment solutions and services. Additionally, PSD2 has imposed stricter security requirements, compelling providers to enhance their security measures to protect consumers.

Legal and Regulatory Changes

PSD2 introduced several legal and regulatory changes to address the shortcomings of PSD1. These changes include:

  • Enhanced consumer protection measures
  • Increased transparency in payment services
  • Stricter security requirements, including Strong Customer Authentication (SCA)
The transition from PSD1 to PSD2 marked a significant shift in the regulatory landscape, aiming to create a more secure and competitive environment for payment services in the EU.

Strong Customer Authentication (SCA) Under PSD2

What is SCA?

Strong Customer Authentication (SCA) is a requirement of the PSD2. It's a combination of three elements businesses can use to authenticate a payment. These elements include something you know, own, and are — for example, a password, phone, or fingerprint. The aim of SCA is to reduce fraud and make online payments more secure by adding an extra step for authentication.

Implementation Challenges

Implementing SCA can be complex for businesses. They need to integrate multi-factor authentication methods, which may involve significant technological investments. Financial institutions can permit payment service users to use a combination of PINs, biometrics, and message verification techniques to access their payment accounts. This can be a challenging process, especially for smaller businesses.

Benefits for Consumers and Businesses

SCA offers numerous benefits for both consumers and businesses. For consumers, it provides an added layer of security, making online transactions safer. For businesses, it helps in building trust with customers by ensuring secure payments. Additionally, it can lead to reduced fraud-related losses.

With the right security level brought by SCA and risk monitoring, new partnerships and open-banking APIs can generate value.

In summary, SCA is a crucial component of PSD2, aimed at enhancing security and reducing fraud in online payments.

Impact of PSD2 on E-commerce

The Revised Payment Services Directive (PSD2) has brought significant changes to online payment processes. One of the most notable changes is the requirement for Strong Customer Authentication (SCA), which mandates multi-factor authentication for online transactions. This aims to reduce fraud and enhance security for consumers.

PSD2 aims to make payments more secure in Europe while enhancing security, boosting innovation, introducing new technologies, and increasing competition. The directive specifically targets card-not-present (CNP) transactions, making them safer through the implementation of SCA. This has led to a reduction in fraud rates but has also introduced some friction in the payment process.

Merchants have had to adapt to the new requirements under PSD2, which include updating their payment systems to support SCA. This has involved significant technological investments and has sometimes resulted in lower conversion rates due to increased friction during the checkout process. However, the enhanced security measures are expected to build consumer trust in the long run.

The PSD2 surcharge ban applies to e-commerce issuers using surcharges in all consumer contexts, including personal and corporate. This has leveled the playing field for all merchants, ensuring fair competition.

Key Implications for Merchants

  • Technological Investments: Upgrading payment systems to comply with SCA requirements.
  • Conversion Rates: Potential decrease due to added friction in the payment process.
  • Consumer Trust: Increased security measures are expected to enhance consumer confidence in online transactions.

Compliance Requirements for Businesses

Necessary Technological Investments

Businesses must invest in advanced technological solutions to meet PSD2 compliance requirements. This includes implementing secure and efficient systems for Strong Customer Authentication (SCA) and ensuring that their infrastructure supports Open API standards. These investments are crucial for protecting the open banking ecosystem and preventing cyber attacks and information security threats.

Data Protection and Privacy

Under PSD2, businesses are required to adhere to stringent data protection and privacy regulations. This involves ensuring that customer data is handled with the utmost care and transparency. Companies must implement robust data protection measures to safeguard personal financial information and comply with GDPR guidelines.

Penalties for Non-Compliance

Given that PSD2 compliance is mandatory for all applicable entities operating within the EU, penalties for non-compliance can be severe. Institutions that fail to meet the requirements of PSD2 can face financial penalties of up to 4% of their annual returns. It is essential for businesses to stay updated with the regulatory changes and ensure full compliance to avoid these hefty fines.

Ensuring compliance with PSD2 is not just about avoiding penalties; it is about building trust with your customers and securing your business's future.

Future of Payment Services: Looking Beyond PSD2

Introduction to PSD3

With PSD3 regulation set to come into effect within the next two years, the payments landscape is poised for further transformation. PSD3 aims to build on the foundations laid by PSD2, enhancing consumer protection, promoting innovation, and ensuring a more secure payments environment. This new directive will likely address the gaps identified in PSD2 and introduce new measures to keep pace with technological advancements.

Expected Regulatory Changes

The introduction of PSD3 will bring several regulatory changes, including:

  • Enhanced security protocols to combat emerging threats.
  • Broader scope to include new types of payment services.
  • Stricter compliance requirements for payment service providers.

These changes are designed to ensure that the payments ecosystem remains robust and secure, while also fostering innovation and competition.

Preparing Your Business for the Future

Businesses must start preparing now to stay ahead of the curve. Key steps include:

  1. Investing in advanced security technologies.
  2. Updating compliance frameworks to meet new regulatory standards.
  3. Training staff on the upcoming changes and their implications.
Bold action today will ensure your business is ready for the future of open banking and payment services.

By taking these steps, businesses can not only comply with new regulations but also leverage them to gain a competitive advantage.


The Revised Payment Services Directive (PSD2) has significantly reshaped the European payments landscape since its introduction. By fostering innovation, enhancing security through Strong Customer Authentication (SCA), and creating a more competitive market, PSD2 has set a new standard for payment services in the EU. Businesses operating within Europe must stay informed about these regulations to ensure compliance and leverage the opportunities they present. As the payments ecosystem continues to evolve, staying updated on directives like PSD2 and the forthcoming PSD3 will be crucial for maintaining a competitive edge and ensuring secure, efficient payment processes.

Frequently Asked Questions

What is the Revised Payment Services Directive (PSD2)?

The Revised Payment Services Directive (PSD2) is a European regulation introduced to create a more open, competitive, and secure payments landscape across Europe. It provides requirements for Strong Customer Authentication (SCA) and regulates access to payment data by parties other than your bank.

How does PSD2 differ from PSD1?

PSD2 amends the original Payment Services Directive (PSD1) to account for new types of payment services and providers, update rules and definitions, and address legal uncertainties. It also introduces Strong Customer Authentication (SCA) and regulates third-party access to payment accounts.

What is Strong Customer Authentication (SCA)?

Strong Customer Authentication (SCA) is a requirement under PSD2 aimed at making electronic payments more secure. It involves using two or more independent elements from the categories of knowledge, possession, and inherence to authenticate transactions.

What impact does PSD2 have on e-commerce?

PSD2 impacts e-commerce by changing online payment processes, increasing security for card-not-present transactions, and imposing new compliance requirements on merchants. This aims to reduce fraud and enhance consumer protection.

What are the compliance requirements for businesses under PSD2?

Businesses must make necessary technological investments, ensure data protection and privacy, and comply with Strong Customer Authentication (SCA) requirements. Non-compliance can result in penalties and legal consequences.

What can we expect from the future of payment services beyond PSD2?

The future of payment services includes the introduction of PSD3, which is expected to bring further regulatory changes. Businesses should prepare by staying informed about new regulations and investing in technology to meet future compliance requirements.

Explore the Roqqett Range


Roqqett Mercury

Boost revenue and get instant settlements before shipping any orders with Roqqett Pay.


Roqqett Gemini

Boost loyalty and sales with a complete express checkout journey for your customers.

Get Roqqett

Apple AppStore CTA
Google Play Store CTA

Friction-free and Roqqett fast payments

Faster payments - increase revenue

Lower transaction fees - keep more of the money you make

Reduced fraud  - no card fraud and no chargebacks

Easier reconciliation

All with Instant Gross Settlement