All about PSD2

The second Payment Services Directive or PSD2 is a European law which makes electronic payments when shopping or banking online more secure

It aims to make payments safer, increase consumer protection and continue to promote innovation and competition while maintaining a level playing field for all parties.

While some elements of the PSD2 legislation have applied from 13th January 2018, the next phase introduces added security rules referred to as Strong Customer Authentication (SCA) which will see some changes in how customers bank and shop online.

The legislation also allows for the secure provision of new services by Third Party Providers (TPPs), which is referred to as Open Banking.

Open Banking

Open Banking allows customers use the services of regulated Third Party Providers (TPP) to provide the following:

1. Payment Initiation Services
When buying online from a retailer,  you’ll be offered the option to pay directly from your bank account, using an authorised TPP, instead of entering your debit or credit card details. TPPs who offer this service are known as a Payment Initiation Service Providers – PISPs

2. Account Information Services
This allows you to use the services of an authorised TPP to help you manage your accounts in a clearer and better manner. TPPs who offer this service are known as an Account Information Service Providers – AISPs.

If you choose to use these services, you’ll need to give explicit consent to the TPP. You choose the services that a TPP can provide, and you can always revoke consent at any time.

You’re in control.

All TPPs are regulated by the Central Bank of Ireland or by the National Competent Authority of their home European Union state. This means that these TPPs are subject to strict security and data protection laws, similar to KBC. KBC will always check that the TPP is regulated before they grant access to them.

Before you give consent,  you can also request information from the TPP, confirming they are a regulated entity.

Open Banking will allow KBC customers to securely and conveniently view their account information, balances and transactions from other banks from within their KBC Mobile App! Open Banking is made possible by PSD2.

Strong Customer Authentication (SCA)

The aim of SCA is to increase security for electronic payments through the introduction of two factor authentication. This is a security process where you may be asked to verify your identity in two different ways -  such as with a PIN or a fingerprint.

SCA will be used when accessing online payment accounts or making payments online. KBC already use Strong Customer Authentication,  however with PSD2 it will be used more frequently to provide enhanced security such as when viewing your statements in the app.

Your identity will be authenticated using at least two of the following:

  • Knowledge – something only you know e.g. your online banking PIN
  • Possession – something only you have e.g. your card reader or mobile phone
  • Inherence – something you are e.g. your fingerprint

For more information on PSD2 you can view the European Commission PSD2 Factsheet (pdf, 83KB)