BRAND VOICE - EY Luxembourg

PSD2: Disrupting payments

23 Mai 2018 Par Patrice Fritsch and Anton Christov
Patrice Fritsch – Directeur Associé, Leader Payment services – EY Luxembourg
Patrice Fritsch – Directeur Associé, Leader Payment services – EY Luxembourg (Crédit Photo : EY Luxembourg)

The European Payments Services Directive provides the legal framework within which all payment service providers (PSPs) must operate. The first Payments Services Directive (PSDI) was adopted in 2007 and implemented in November 2009 in Luxembourg. Its revision (PSDII) was launched in July 2013 by the European Commission and after adoption was enforced on 13 January 2018.

PSDII is driving the European payments industry into technological competition and aims to enhance the digital experience for customers. Now international payments in any currency initiated within and made into and out of the EEA are covered by new transparency obligations, revised liability regime, refund rights and shorter deadlines for complaint handling.

The radical change of PSDII is the introduction of the concept of access to the payment account (XS2A) and two new PSPs statuses, the Account Information Services Providers (AISP) and the Payment Initiation Services Providers (PISP). The XS2A is a new right for third parties providers to access bank’s payment infrastructure in a non-discriminatory way. It obliges Banks to make available interfaces for clients to access their payment accounts through authorized third parties. Clients are now able to view all their bank payment accounts in a consolidated manner through their AISPs. In addition to the consultation services of an AISP, the customers will be able to initiate online payments via the PISPs. As it happened multiple years ago in other industries, PSDII introduces an unprecedented disruption in the financial industry: (i) entry barriers are reduced as players will become authorized, and (ii) technological barriers are removed as Banks need to allow access to third parties. The future largest payment providers may even not host any customer account!

The European Banking Authority (EBA) was charged to introduce the technical requirements of the PSDII in the Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA) and Common and Secure Open Standards of Communication (CSC). The banks (also known as account servicing payment service providers – ASPSPs), AISPs and PISPs have been invited to get ready for 14 March 2019 when the testing phase of the new application programming interfaces (API) will start. APIs are the technical mechanism that will allow banks to share customer data with TPPs securely. APIs are not mandatory but are the most likely mechanism to provide an efficient and secured access to accounts.

It is up to the banks and PSPs to understand the benefit of PSD II for them and for their customers. In such fast changing times, waiting should not be the considered as an alternative. Stakeholders should now define their strategy for building new services in the new ecosystem, define partnerships when the required competences and technologies exist outside of the organization, joint efforts with other stakeholders, follow the customer voice and listen to their needs and feedbacks, implementation and take the lead in the innovation.


Patrice Fritsch

Directeur Associé, Leader Payment services,

EY Luxembourg


Anton Christov

Manager, Payment services,

EY Luxembourg