Everything you should know about PSD2
The revised Payment Services Directive (PSD2) is a European law that governs payment systems in the European Union (EU). It regulates access to your payment data by other parties than your bank. This fosters innovation and competition in the European payments market. So what exactly is PSD2? And how do we keep payment data safe?
What is PSD2?
PSD2 is European legislation on consumer and business payments. It was introduced in the Netherlands in February 2019. One of the things it does, is that it obliges banks to give firms access to your payment account if you give your consent. Such firms offer payment services. They get access to your payment account if you agree.
Why was PSD2 introduced?
Before PSD2 was introduced, only you and your bank had access to your payment data. PSD2 allows you to decide who else gets to view your data. PSD2 enables more competition in the payment market as it also allows firms other than your bank to view your payment data. They can only do so if:
- you have given your consent
- they hold a licence from De Nederlandsche Bank (DNB) or one issued in another EU Member State.
PSD2 fosters innovation
In the Netherlands, there were already many innovations before PSD2 was introduced. So you may not have received a request from a firm to view your payment data yet. So what can they do once they have access? For example, they can combine your payment accounts and transactions at different banks into a single overview. In this way, they can create a smart budget planner and make predictions based on previous transactions. Who knows, in the future you may also give devices access to your payment account. Just think of a refrigerator that keeps your stocks, places orders with your local supermarket and pays for its purchases. PSD2 will create many new possibilities.
The risks of PSD2
Obviously, not everyone should access your payment data just like that. So if a firm asks for your consent to access your data, you should always be on your guard. Such a request could also be an attempt at phishing to obtain your login codes or PIN codes. If you are unsure whether the access request is made in good faith, just check whether the firm is listed in our licence register. A firm will never get access to your data if you do not approve its request.
If you allow a firm access to your payment data, it may only use your data for the purpose for which you granted access. DNB and the Dutch Data Protection Authority monitor a firm's compliance with this restriction.
Would you like to know more about PSD2? Or do you have questions?
> Read more about PSD2 on https://psd2bankieren.nl (Dutch only).