A Guide to Understanding Open Banking & PSD2.

PSD2 (Payment Services Directive 2) is the revised Payment Services Directive, which aims to better align payment regulation with market and technology developments, including Open Banking.

The updated directive governs payment services and payment service providers throughout the European Union and European Economic Area, supporting significant advancements in the financial services regulations introduced by the EU.   

Our company's Open Banking System

At OneFor, we are committed to providing our users with the greatest possible experience when it comes to managing their finances and the transparency they deserve.

As a result, we provide third-party providers (TPPs) with the ability to integrate with our service. In turn, where third-party providers have integrated with us, our customers can access their accounts via Open Banking and use an additional range of features available via third-party providers.

Open Banking is a system that allows customers to securely share their financial data with third-party providers, such as banks, fintech, and other financial services companies.

The data available can be utilized to develop inventive products and services that aid customers in effectively managing their finances by providing access to their accounts across various banks and facilitating informed decision-making about their money matters in new and inventive ways.

Why was PSD2 created in the first place?

Before PSD2 was introduced, only you and your bank had access to your payment data. PSD2 allows you to decide if you want to securely share your data with anyone else.

PSD2 enables more competition in the payment market, allowing firms other than your bank to view your payment data where you provide permission.

Creating fair competition for new industry players.

  • Safer payments
  • Improved customer protection
  • Encouraging innovation

It seeks to improve customer protection, boost competition and innovation in the sector and reinforce security in the payments market, all of which are expected to enable the development of innovative payment and e-commerce methods.

The goal of PSD2 is to increase the security of electronic payments and the protection of consumers' financial data while also improving all aspects of the customer experience in a bank.

Third-Party Providers (TPPs) who would like to integrate with OneFor can access our Developer Portal here:


The Technology Required for PSD2.

At the heart of PSD2 is the promotion of open APIs, allowing third-party providers (TPPs) to access customer data and payment services from banks and other payment service providers.

This is done through the use of secure application programming interfaces (APIs) that meet the requirements of PSD2 regulations.

Such APIs allow account holders to give third-party providers access to their account information held with their banks or other payment service providers.

The regulations mandate the use of strong customer authentication (SCA) to ensure that customers are properly identified and authenticated when utilizing open banking services.

Open Banking technology includes the use of secure communication protocols, such as Transport Layer Security (TLS) and Secure Sockets Layer (SSL), to ensure that all sensitive data is encrypted and secure when being transmitted between the customer, the bank, and the third-party provider.

PSD2 sets out frameworks that are used to help ensure that payment services are secure, efficient, and accessible for both consumers and businesses.

How does PSD2 seek to improve customer rights?

PSD2 has a broader objective, promoting customer rights in a variety of ways, including:

  • Demanding strong customer authentication (SCA) to verify the identity of customers when making payments.
  • Requiring secure communication protocols such as Transport Layer Security (TLS) and Secure Sockets Layer (SSL) to protect data in transit.
  • Mandating that banks employ application programming interfaces (APIs) to provide third-party suppliers access to client data.
  • Requiring banks to use advanced encryption standards (AES) to protect customer data.
  • Requiring banks to use two-factor authentication to protect customer accounts.

SCA (Strong Customer Authentication)

PSD2’s new SCA (Strong Customer Authentication) requirement is intended to reduce fraud and make online and contactless offline payments more secure.

SCA rules must be followed when facilitating and accepting payments. The SCA rules require at least two of the following three components to be utilized for all electronic transactions:

Knowledge

Something the customer knows, such as a PIN or password.

Inherence

Something the customer is, such as their fingerprint.

Possession

Something the customer owns, such as a mobile phone or payment card.

Remote Transactions

A unique authentication code that dynamically connects the transaction to a certain amount and specific payee.

When will SCA have to be applied?

When consumers utilize an extra service via Open Banking to review their payment account or an aggregated view of their payment accounts:

  • The first time the account (or aggregated view) is consulted.
  • At least every 90 days (about 3 months).

Each time the user makes a payment, except in certain situations, such as:

  • Below a certain amount.
  • If the beneficiary is already identified.
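
The SCA rules above, sketched as an added Python example (not OneFor's code and not part of the original page): it checks that the factors span two categories, decides when SCA applies, and binds an authentication code to one amount and one payee. The factor names, the low-value limit, the sample key and payee, and the HMAC construction are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import timedelta

# Assumptions for illustration, not values from the page or from OneFor.
LOW_VALUE_LIMIT_CENTS = 3000             # stands in for "below a certain amount"
REAUTH_INTERVAL = timedelta(days=90)     # the page's 90-day rule
FACTOR_CATEGORY = {"pin": "knowledge", "password": "knowledge",
                   "fingerprint": "inherence",
                   "phone": "possession", "card": "possession"}


def satisfies_sca(factors):
    """True when the verified factors span at least two distinct categories."""
    return len({FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}) >= 2


def account_access_needs_sca(last_sca, now):
    """SCA on the first consultation, then at least every 90 days."""
    return last_sca is None or now - last_sca >= REAUTH_INTERVAL


def payment_needs_sca(amount_cents, payee, trusted_payees):
    """SCA on every payment unless it is low-value or the payee is already identified."""
    return not (amount_cents < LOW_VALUE_LIMIT_CENTS or payee in trusted_payees)


def auth_code(key, amount_cents, currency, payee):
    """Authentication code bound to one amount and one payee (dynamic linking)."""
    # JSON array encoding keeps field boundaries unambiguous.
    msg = json.dumps([amount_cents, currency, payee], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_auth_code(key, code, amount_cents, currency, payee):
    """Recompute over the payment being executed and compare in constant time."""
    return hmac.compare_digest(auth_code(key, amount_cents, currency, payee), code)


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample key
    code = auth_code(key, 12000, "EUR", "DE00-CONSTRUCTED-PAYEE")
    print(satisfies_sca(["pin", "password"]))                       # same category twice
    print(verify_auth_code(key, code, 12000, "EUR", "DE00-OTHER"))  # payee changed
```

A PIN plus a password fails the check because both are knowledge factors, and a code issued for one payee or amount does not verify for another.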

Potential roles:

  • Account Information Service Providers
  • Payment Initiation Service Providers
  • Account Servicing Payment Service Providers