PSD2, or the Revised Payment Services Directive, is a key European Union regulation that transformed how payment services operate across the European Economic Area.
Behind fancy words, the Payment Services Directive (PSD2) is all about implementing Open Banking – a way to secure access to bank account information and initiate digital payments through third-party providers – as long as the user gives consent to banks.
In other words, the PSD2 directive requires banks to open their payment infrastructure and customer data (with consent) to licensed third-party providers through secure APIs.
The European payments industry needed modernization, and the Payment Services Directive, in its last iteration, can enable faster payment transactions and an entirely new generation of payment service providers offering unique payment services. Also, consumer protection will be much stronger with mandatory security measures, such as strong customer authentication.
Genome, as a fully licensed fintech platform, operates in full compliance with PSD2. Find out how it impacts the payment market and banking in the EU.
What is PSD2?
It all started with the first Payment Services Directive adopted in 2007 (and implemented by EU Member States) to regulate payments across the EU single market. It was aimed at enabling more secure and efficient cross-border payments with more transparent fees. But as the industry has been growing and evolving, it was time to update the regulation to keep pace with rapid digitalization.
Enter the Revised Payment Services Directive, replacing the original directive in January of 2018 (after entering into force in 2016). The EU directive covers two main areas: encouraging technological upgrades through Open Banking and improving the security of online payments.
Open Banking enables third-party providers (TPPs), such as fintech companies, to access customers’ payment-account data to provide more advanced, user-friendly financial services.
This opens up great opportunities for collaboration between traditional banks and Fintechs. As the former brings their regulatory status and reliability to the table, the latter offers better, more customer-oriented technical solutions. In other words, banks, Fintechs, and cardholders all gain something from this alliance.
Meanwhile, to complete the payment security upgrade, payment service providers must apply strong customer authentication (SCA). The process requires that customer accounts pass an extra level of verification when buying things online.
Open an account
in Genome online
Why PSD2 was introduced
The European Commission decided to launch PSD2 to reshape the European financial industry and create a fairer, more innovative financial ecosystem.
The regulation completely changed how banks process payments for consumers.
The main goals include:
Promote competition among banks, fintech companies, and other financial institutions.
Boost innovation among payment service providers and increase competition on the payment services market through Open Banking and the rise of payment initiation service providers (PISPs) and account information service providers (AISPs).
Enhance security for online transactions with multi-factor authentication and secure access protocols in order to prevent fraud for good.
Make a consumer choice matter by giving them full control over their payment data and bank account information.
Key features of PSD2
The Payment Services Directive introduced several rules that made a significant impact on the European Economic Area.
Strong Customer Authentication (SCA): A security requirement ensuring electronic payments are verified through two or more authentication methods (like password, device, or biometrics).
Third-Party Provider (TPP) access: Banks must give licensed TPPs permissioned access to customer accounts through open APIs.
Open APIs: Application programming interfaces are the core pillars of the Open Banking concept, secure sensitive data, and consumer information sharing.
Improved consumer rights: Including refund rights, clearer information on fees, and enhanced consumer protection from payment fraud.
Summarizing: payment faster, banks are more open and much safer in exchange for consumers’ data.
PSD2 vs. PSD1
PSD2 evolved from PSD1 to embrace the digital era of online payments, fintech innovation, and stronger security protocols for payment service providers.
What is more important here, PSD2 created a mandatory EU framework for Open Banking (access-to-account/XS2A), whereas PSD1 did not include any provisions for it.
This shift significantly increased competition by requiring financial institutions to grant third-party providers (TPPs) access to customers’ payment accounts via secure interfaces (APIs), with the customer’s consent.
TPPs like PISPs (Payment Initiation Service Providers) and AISPs (Account Information Service Providers) were not new, as similar services existed before PSD2.
However, PSD2 fundamentally changed their status by formally recognizing Payment Initiation Services and Account Information Services as regulated services/roles, integrating them into the payment ecosystem.
Before PSD2, these providers operated largely outside a harmonized EU payments framework (often via screen scraping).
Feature | PSD1 | PSD2 |
Scope | Traditional payment institutions | Broader, includes third-party providers (TPPs) |
Security | Basic authentication | Strong Customer Authentication (SCA) required |
Innovation | Limited | Enables Open Banking, API integration, and new payment initiation services |
Consumer rights | Standard protection | Enhanced refund rights and data transparency |
PSD2 and Open Banking
PSD2 is the foundation of Open Banking, and it applies to any EU member state. It requires banks to open their payment accounts and customer information to licensed third parties, creating a connected ecosystem.
Although both banks and consumers can benefit from faster, cheaper payments, regulation was probably the only way to establish trust between consumers and banks when handling their payments with sensitive data.
Benefits include:
For consumers: Access to multiple banks through one app, better customer experience, and consumer choice.
For businesses: Faster payment initiation, reduced fees, and access to real-time payment data.
In regards of innovation: Enables new services like account aggregation, instant payments, and single sign-on solutions for all parties involved.
How PSD2 impacts businesses
In terms of Open Banking, financial institutions or business structures that use bank accounts to make or accept payments are impacted.
To be clear, Open Banking is not mandatory; the framework for implementing it is, but companies or payment service providers that don’t participate in Open Banking still must protect consumers and their payments by implementing two-factor authentication and other requirements for digital certificates.
Merchants: What companies need is to update the technical tools that allow them to accept payments on their websites. The most common solution for that is 3D Secure. It’s a good instrument that reduces fraud and chargebacks, as scammers will require the cardholder’s phone or biometric data in addition to a stolen card to complete the purchase.
Banks: Must provide open API access to participants in competition for new payment services in Open Banking, plus bank accounts now must be secured by two-factor authentication.
Fintech companies: Now they are not direct competitors to banks but rather a tech partner in the field of electronic payments and payment initiation services.
Genome and PSD2 compliance
Genome is an Electronic Money Institution (EMI) licensed and supervised by the Bank of Lithuania, with operations aligned with PSD2.
Here are our ways to ensure compliance:
Genome is PSD2-aligned and secure. We operate legally across the European Economic Area and follow strict risk, safeguarding, governance, and reporting requirements with regular supervisory reviews and audits.
Secure payment processing with Strong Customer Authentication (SCA). Where required, customers authenticate using two or more independent factors from: knowledge (e.g., password/PIN), possession (e.g., phone/app/OTP), and inherence (e.g., fingerprint/face).
Business accounts & transfers. Clients receive dedicated EUR IBANs for SEPA payments and multi-currency accounts (EUR, USD, GBP, PLN, CHF, JPY, CAD, CZK, HUF, SEK, AUD, DKK). SEPA Instant and Credit transfers are euro-only. We use two-factor authentication and support Open Banking integrations.
Advanced fraud prevention and risk controls. Continuous monitoring, rules, and analytics help protect accounts and payments.
Transparent pricing and consumer rights. Our terms and processes align with PSD2 standards for clear fees, disputes, and protections.
Infrastructure built for safety and interoperability. We support secure electronic payments, open-banking connections where applicable, and strong data protection for all clients.
Initiating payments for consumers, companies, and other businesses is now simpler, faster, and more secure.
Open an account
in Genome online
The future of PSD2 and digital finance
As digital finance evolves, PSD2 continues to shape Europe’s financial ecosystem.
The European Commission and European Banking Authority are preparing updates under PSD3, which will further refine security measures and open data-sharing frameworks.
PSD2 accomplished its primary goals: payments modernization and consumer protection. The goal of PSD3 is to build on this foundation by strengthening fraud prevention, enhancing consumer protection, and resolving inconsistencies.
Trends to watch:
Expansion of Open Banking across Europe. Soon, most bank accounts will be a part of Open Banking.
Greater collaboration between banks, fintechs, and payment providers in the form of merging payment services + e-money frameworks.
Because PSD2 modernizes how payments flow between banks and consumers, more seamless, consumer-centric digital payment services would arise.
Consumers and their demand: the payment industry is client-centric, so any feature that really catches people’s attention (like crypto or AI) would trigger significant changes.
Genome will definitely be at the forefront of this transformation—helping businesses and customers embrace the benefits of PSD2 while staying ready to implement new regulations in advance.
