PSD2 is a successor to the Payment Services Directive (PSD) that was passed by the Council of the European Union (CEU) in 2007.
The purpose of PSD, which the banking industry strongly supported, was to increase the participation of non-banks in Europe’s payments industry. PSD2, a 2015 revision of PSD, further regulated payment services in the European Union. The objective of PSD2 was to integrate the payments market in the EU by increasing the security of financial transactions. This directive has created a greater opportunity for banks to collaborate with providers in the financial technology, or fintech, industry.
The implementation of strong customer authentication (SCA) measures for electronic payments is a critical element of PSD2. This feature is particularly important in ensuring the security of payments made from mobile devices, especially payments originating from outside the EU. PSD2 also specifies common and secure communication requirements, such as requiring the use of certificates qualified by electronic IDentification, Authentication and trust Services (eIDAS) as specified in ETSI TS 119 495. PSD2 requires websites to use this standard to authenticate communications between financial service providers.
The CEU passed PSD2 on November 16, 2015, but allowed EU members two years to incorporate the directive into their national laws. It supplemented PSD2 with the passage of EU directive 2018/389 on November 27, 2017, creating standards for SCA measures. The first provisions of PSD2 went into effect on January 13, 2018, and the entire directive became effective on September 14, 2019.
Businesses were originally required to comply with the Regulatory Technical Standard for PSD2 by this date, but they encountered a variety of challenges that delayed the process. The European Banking Authority, therefore, granted an extension to December 31, 2020, for the purpose of fully implementing SCA measures.