05 Dec PSD2 GLOSSARY: AN OVERVIEW OF THE MOST COMMONLY USED ACRONYMS

Much has been said and written about PSD2, the revised  EU Payment Services Directive: it has become  a  particularly hot topic around September 14th this year, when the final part of the legislation officially entered into force. 

PSD2 brought a series of new abbreviations and acronyms with it, the most well-known of is probably SCA: Strong Customer Authentication is perhaps the PSD2 aspect that mostly affected the general public, impacting also users’ online payment transactions. 

Along with SCA however, there are many more new acronyms used in the banking sector and beyond. To better navigate the various PSD2-related abbreviations, we have compiled a small glossary of the most frequently used terms. 

PSD2: the abbreviations to know 

AISP (Account Information Service Provider) 

Any (financial) provider with access to customers’ bank accounts aggregating all data to analyse the spending behaviour so to provide a complete overview  of their financial situation. 

 API (Application Programming  Interface) 

A set of commands, functions, protocols, and tools acting as a software intermediary that allows two software programmes to communicate with each other. APIs facilitate access to customers’ accounts and can provide account information to third-party apps. 

ASPSP (Account Servicing Payment Service Providers) 

Entities having full and direct control of customers’ bank accounts, having a direct service contract with the bank account owner. 

CISP (Card Issuer Service Provider) 

Card-based payment service providers that can make a request to the users’ bank to verify funds availability before payment. 

eIDAS (Electronic Identification, Authentication and Trust Services) 

A set of EU regulatory standards  designed for transactions and money transfers within the Single Market. It ensures that up-to-date, internationally admissible standards of digital identity, trust verification and validation are in place.​ 

PISP (Payment Initiation Service Provider) 

Any organization that, upon customers’ request and on their behalf, can initiate credit transfers to accounts held at another payment service provider. PISPs act as an intermediary between customers starting the payment and their own online bank account. 

PSD2 (Payment Services Directive 2) 

EU Directive 2015/2366 on payment services that entered into force on 13 January 2018. It represents an evolution of Directive 2007/64/CE, also known as PSD, and a step further towards complete harmonisation of the EU payments market. 

PSP (Payment Service Provider) 

A Payment Service Provider: bank, payment or electronic money institution providing banking services and/or payment account management, including access service to an online bank account to authorize and process payments. 

RTS (Regulatory Technical Standards) 

Technical  standards  defining PSD2 and eIDAS services. They provide detailed specifications to achieve the strict security  requirements  for payment service providers in the EU. 

SCA (Strong Customer Authentication) 

Also known as Two Factor Authentication (2FA), SCA consists in the verification of at least two different components to ascertain the identity of a payment service user or the validity of the use of a specific payment tool: factors required for authentication are dynamically combined by linking each transaction to a specific amount and beneficiary, thus certifying its uniqueness. 

TPP (Third-Party Provider) 

A service provider which is different from the one customers own their account or payment service at, that is authorised to access their bank account information. Thanks to TPPs, online account owners can process payments or access to their own reserved information through non-banking authorised services. TPP is the collective name for AISPs, CISPs and PISPs. 

XS2A (Access-to-Account) 

Authorised access to customers’ account: a service enabling an app which is not controlled by the bank to obtain information on users’ accounts.