{"id":11893,"date":"2019-01-15T06:00:50","date_gmt":"2019-01-15T14:00:50","guid":{"rendered":"http:\/\/www.trulioo.com\/?p=10191"},"modified":"2024-01-17T21:09:10","modified_gmt":"2024-01-17T21:09:10","slug":"psd2-compliance","status":"publish","type":"post","link":"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance","title":{"rendered":"Revisiting PSD2: One Year After Implementation, Here\u2019s How Things Are Shaping Up"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"900\" height=\"600\" src=\"https:\/\/www.trulioo.com\/wp-content\/uploads\/2019\/01\/334_final.jpg\" alt=\"PSD2 compliance\" class=\"wp-image-10192\" srcset=\"https:\/\/www.trulioo.com\/wp-content\/uploads\/2019\/01\/334_final.jpg 900w, https:\/\/www.trulioo.com\/wp-content\/uploads\/2019\/01\/334_final-740x493.jpg 740w, https:\/\/www.trulioo.com\/wp-content\/uploads\/2019\/01\/334_final-48x32.jpg 48w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><\/figure>\n\n\n\n<p>It\u2019s been a year since the European Union\u2019s Payment Services Directive 2 (<a href=\"https:\/\/www.trulioo.com\/blog\/payments\/psd2\">PSD2<\/a>) was enacted. The directive, considered by many to be the most consequential regulation to affect the banking sector in recent times, continues to be a hot button issue; in practice, however, its impact has been underwhelming. Granted, PSD2 has not gone into full effect yet \u2013 there will be some time before certain provisions become mandatory. A recent study found that only nine percent of UK adults have had any interaction with open banking technology (the term, <em>open banking<\/em>, is applied generally to signify regulatory and technological efforts to break up the retail banking oligopoly by allowing payment and related tech solutions to become more competitive in the financial services space).<\/p>\n\n\n\n<p>One of the key pieces of PSD2 is Strong Customer Authentication (SCA), which will be mandated on September 14, 2019. Industry insiders have <a href=\"https:\/\/www.paymentsjournal.com\/nine-months-passwords-insufficient-europeans\/\" target=\"_blank\" rel=\"noopener noreferrer\">expressed<\/a> concerns over companies\u2019 preparedness to be SCA-compliant, and its potentially detrimental effects on user experience.<\/p>\n\n\n\n<p>Despite anxieties and skepticism around the feasibility of PSD2, industry leaders seem to have accepted that it is ineluctable. What adaptive changes will banks make, however, remains an open-ended question.<\/p>\n\n\n\n<p>As Sebastian Siemiatkowski, CEO, Klarna, a leading German challenger bank, said recently:<\/p>\n\n\n\n<p>\u201cSome banks, will &#8220;manage to <a href=\"https:\/\/www.cnbc.com\/2018\/12\/04\/klarna-ceo-retail-banks-set-for-massive-disruption-from-fintech.html\" target=\"_blank\" rel=\"noopener noreferrer\">transform themselves<\/a>&#8221; as digitally-driven businesses; most will take the mergers and acquisitions (M&amp;A) route, snapping up fintech competitors to get ahead; and, lastly, others will just &#8220;fail.&#8221;<\/p>\n\n\n\n<p>Indeed, a year after the implementation of PSD2, crucial questions still remain unanswered: How will various payment and banking companies implement PSD2? Will the vision of open banking remain a vision or will it actually materialize?<\/p>\n\n\n\n<p>With the benefit of hindsight, this post will revisit some of the core objectives of PSD2, along with&nbsp; their challenges, and assess where things stand today.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-psd2-objectives-and-possibilities\">PSD2: Objectives and possibilities<\/h2>\n\n\n\n<p>Fundamentally, PSD2 opens consumer banking data up to third party providers (TPPs). PSD2 resolves TPPs into two categories: Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs).<\/p>\n\n\n\n<p>PISPs initiate payments on behalf of a user. On the other hand, AISPs offer users a consolidated view of their accounts with different banks. While AISPs could analyze a user\u2019s spending habits, PISPs deal with the actual transfer of money in the form of Peer-to-Peer (P2P) transfers or bill payments.<\/p>\n\n\n\n<p>Upon gaining access to consumer banking data, TPPs can build a host of new financial products and services on top of existing bank infrastructure, to the benefit of customers. Banks will have to compete not just with other banks, but with innovative upstarts fashioning new solutions and services out of data that, until recently, resided exclusively with banks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-strong-customer-authentication-sca-gdpr-on-steroids\">Strong Customer Authentication (SCA): \u201cGDPR on steroids\u201d?<\/h2>\n\n\n\n<p>SCA is based on:<\/p>\n\n\n\n<ul>\n<li>Knowledge (something only the user knows; for example, a password or PIN)<\/li>\n\n\n\n<li>Possession (something the user possesses; for example, mobile phone or ID card)<\/li>\n\n\n\n<li>Inherence (something the user is; for example, fingerprint or facial recognition)<\/li>\n<\/ul>\n\n\n\n<p>At the very least, SCA mandates that a customer\u2019s identity be verified, using at least two of the aforementioned independent elements; for example, a question and a biometric scan or a password and a randomly generated Personal Identification Number (PIN).<\/p>\n\n\n\n<p>As we noted earlier, there are concerns that SCA could create friction in the user experience. As per the regulation, SCA would be required for every transaction over \u20ac30 (or $35 approx.). This had displeased many: Comparing SCA to \u201cGDPR on steroids\u201d, industry experts predict that up to 30 percent of transactions could be declined after its introduction \u2013 no specific factors, however, were provided to account for the estimate.<\/p>\n\n\n\n<p>Needless to say, the ideal approach would be to strike a balance between complying with regulations and building suitable customer experiences.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-xs2a-how-will-tpps-and-banks-work-together\">XS2A: How will TPPs and banks work together?<\/h2>\n\n\n\n<p>Access to Account (XS2A), which relates to how TPPs will actually obtain access to customer bank data, remains the most pivotal aspect of PSD2; there will be important risk mitigation, implementation and technical considerations as a result of XS2A. For example, what technologies and processes would require to be implemented to ensure that customer data is being accessed and shared in a secure manner? What specific procedures will compliance teams need to follow? How will liability be assessed when breaches or other failures occur?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-devil-is-in-the-details\">The devil is in the details<\/h2>\n\n\n\n<p>Clearly, there are a host of unanswered questions around how SCA, XS2A and, indeed, the larger PSD2 project will play out. The European Banking Authority\u2019s (EBA) has published opinions and guidelines, which speak more specifically to these questions.<\/p>\n\n\n\n<p>As the adage goes, the devil is in the details, and when it comes to PSD2, the details around implementation will, to a large extent, determine the future of open banking.<\/p>\n","protected":false},"excerpt":{"rendered":"It\u2019s been a year since the European Union\u2019s Payment Services Directive 2 (PSD2) was enacted&#8230;.","protected":false},"author":8,"featured_media":10192,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"footnotes":""},"categories":[334],"post-types":[],"post-topics":[109,99,98,131,73],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.1 (Yoast SEO v22.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Revisiting PSD2 Compliance: One Year After Implementation<\/title>\n<meta name=\"description\" content=\"It\u2019s been a year since PSD2 compliance was necessary. The EU directive is considered by many to be the most consequential regulation to affect banking.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Revisiting PSD2 Compliance: One Year After Implementation\" \/>\n<meta property=\"og:description\" content=\"It\u2019s been a year since PSD2 compliance was necessary. The EU directive is considered by many to be the most consequential regulation to affect banking.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance\" \/>\n<meta property=\"og:site_name\" content=\"Trulioo\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/trulioo\" \/>\n<meta property=\"article:published_time\" content=\"2019-01-15T14:00:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-17T21:09:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trulioo.com\/wp-content\/uploads\/2019\/01\/334_final.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Paul Valkama\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@trulioo\" \/>\n<meta name=\"twitter:site\" content=\"@trulioo\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Paul Valkama\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance\"},\"author\":{\"name\":\"Paul Valkama\",\"@id\":\"https:\/\/www.trulioo.com\/#\/schema\/person\/4dedbd41574b6b5754919a490ed4d5ae\"},\"headline\":\"Revisiting PSD2: One Year After Implementation, Here\u2019s How Things Are Shaping Up\",\"datePublished\":\"2019-01-15T14:00:50+00:00\",\"dateModified\":\"2024-01-17T21:09:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance\"},\"wordCount\":802,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.trulioo.com\/#organization\"},\"articleSection\":[\"Identity Verification\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance\",\"url\":\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance\",\"name\":\"Revisiting PSD2 Compliance: One Year After Implementation\",\"isPartOf\":{\"@id\":\"https:\/\/www.trulioo.com\/#website\"},\"datePublished\":\"2019-01-15T14:00:50+00:00\",\"dateModified\":\"2024-01-17T21:09:10+00:00\",\"description\":\"It\u2019s been a year since PSD2 compliance was necessary. The EU directive is considered by many to be the most consequential regulation to affect banking.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.trulioo.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Identity Verification\",\"item\":\"https:\/\/www.trulioo.com\/post-topics\/identity-verification\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Revisiting PSD2: One Year After Implementation, Here\u2019s How Things Are Shaping Up\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.trulioo.com\/#website\",\"url\":\"https:\/\/www.trulioo.com\/\",\"name\":\"Trulioo\",\"description\":\"Building trust online (online identity verification services)\",\"publisher\":{\"@id\":\"https:\/\/www.trulioo.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.trulioo.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.trulioo.com\/#organization\",\"name\":\"Trulioo\",\"url\":\"https:\/\/www.trulioo.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.trulioo.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.trulioo.com\/wp-content\/uploads\/2023\/01\/Trulioo-Wordmark-Dark-Green.png\",\"contentUrl\":\"https:\/\/www.trulioo.com\/wp-content\/uploads\/2023\/01\/Trulioo-Wordmark-Dark-Green.png\",\"width\":2784,\"height\":1464,\"caption\":\"Trulioo\"},\"image\":{\"@id\":\"https:\/\/www.trulioo.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/trulioo\",\"https:\/\/twitter.com\/trulioo\",\"https:\/\/www.linkedin.com\/company\/trulioo\",\"https:\/\/www.instagram.com\/trulioo_global\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.trulioo.com\/#\/schema\/person\/4dedbd41574b6b5754919a490ed4d5ae\",\"name\":\"Paul Valkama\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.trulioo.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ae0ad041b53eb878badb2c5744ad4691?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ae0ad041b53eb878badb2c5744ad4691?s=96&d=mm&r=g\",\"caption\":\"Paul Valkama\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Revisiting PSD2 Compliance: One Year After Implementation","description":"It\u2019s been a year since PSD2 compliance was necessary. The EU directive is considered by many to be the most consequential regulation to affect banking.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance","og_locale":"en_US","og_type":"article","og_title":"Revisiting PSD2 Compliance: One Year After Implementation","og_description":"It\u2019s been a year since PSD2 compliance was necessary. The EU directive is considered by many to be the most consequential regulation to affect banking.","og_url":"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance","og_site_name":"Trulioo","article_publisher":"https:\/\/www.facebook.com\/trulioo","article_published_time":"2019-01-15T14:00:50+00:00","article_modified_time":"2024-01-17T21:09:10+00:00","og_image":[{"width":900,"height":600,"url":"https:\/\/www.trulioo.com\/wp-content\/uploads\/2019\/01\/334_final.jpg","type":"image\/jpeg"}],"author":"Paul Valkama","twitter_card":"summary_large_image","twitter_creator":"@trulioo","twitter_site":"@trulioo","twitter_misc":{"Written by":"Paul Valkama","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance#article","isPartOf":{"@id":"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance"},"author":{"name":"Paul Valkama","@id":"https:\/\/www.trulioo.com\/#\/schema\/person\/4dedbd41574b6b5754919a490ed4d5ae"},"headline":"Revisiting PSD2: One Year After Implementation, Here\u2019s How Things Are Shaping Up","datePublished":"2019-01-15T14:00:50+00:00","dateModified":"2024-01-17T21:09:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance"},"wordCount":802,"commentCount":0,"publisher":{"@id":"https:\/\/www.trulioo.com\/#organization"},"articleSection":["Identity Verification"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance","url":"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance","name":"Revisiting PSD2 Compliance: One Year After Implementation","isPartOf":{"@id":"https:\/\/www.trulioo.com\/#website"},"datePublished":"2019-01-15T14:00:50+00:00","dateModified":"2024-01-17T21:09:10+00:00","description":"It\u2019s been a year since PSD2 compliance was necessary. The EU directive is considered by many to be the most consequential regulation to affect banking.","breadcrumb":{"@id":"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.trulioo.com\/blog\/identity-verification\/psd2-compliance#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.trulioo.com\/"},{"@type":"ListItem","position":2,"name":"Identity Verification","item":"https:\/\/www.trulioo.com\/post-topics\/identity-verification"},{"@type":"ListItem","position":3,"name":"Revisiting PSD2: One Year After Implementation, Here\u2019s How Things Are Shaping Up"}]},{"@type":"WebSite","@id":"https:\/\/www.trulioo.com\/#website","url":"https:\/\/www.trulioo.com\/","name":"Trulioo","description":"Building trust online (online identity verification services)","publisher":{"@id":"https:\/\/www.trulioo.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.trulioo.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.trulioo.com\/#organization","name":"Trulioo","url":"https:\/\/www.trulioo.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.trulioo.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.trulioo.com\/wp-content\/uploads\/2023\/01\/Trulioo-Wordmark-Dark-Green.png","contentUrl":"https:\/\/www.trulioo.com\/wp-content\/uploads\/2023\/01\/Trulioo-Wordmark-Dark-Green.png","width":2784,"height":1464,"caption":"Trulioo"},"image":{"@id":"https:\/\/www.trulioo.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/trulioo","https:\/\/twitter.com\/trulioo","https:\/\/www.linkedin.com\/company\/trulioo","https:\/\/www.instagram.com\/trulioo_global\/"]},{"@type":"Person","@id":"https:\/\/www.trulioo.com\/#\/schema\/person\/4dedbd41574b6b5754919a490ed4d5ae","name":"Paul Valkama","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.trulioo.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ae0ad041b53eb878badb2c5744ad4691?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ae0ad041b53eb878badb2c5744ad4691?s=96&d=mm&r=g","caption":"Paul Valkama"}}]}},"_links":{"self":[{"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/posts\/11893"}],"collection":[{"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/comments?post=11893"}],"version-history":[{"count":1,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/posts\/11893\/revisions"}],"predecessor-version":[{"id":40557,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/posts\/11893\/revisions\/40557"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/media\/10192"}],"wp:attachment":[{"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/media?parent=11893"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/categories?post=11893"},{"taxonomy":"post-types","embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/post-types?post=11893"},{"taxonomy":"post-topics","embeddable":true,"href":"https:\/\/www.trulioo.com\/wp-json\/wp\/v2\/post-topics?post=11893"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}