04 December 2017

Payment Services Directive II (PSD2)

Contact us

Call us on: +48 22 354 05 00

Request a callback

Every customer enquiry is important to us. By providing details about your business interests we can direct your enquiry to our most relevant team member.

Please don’t enter confidential information such as your bank account details here.
All fields are mandatory unless otherwise indicated as optional.

  1. 01 Current Step 01
  2. 02 Step 02

Reason for contacting us

Enter a topic
Enter a topic

Contact details

Please enter your name
Please enter your telephone number

When may we call you?

Preferred time of day

We will call you within the next 3 business days

Back

Request a call-back - Your business interests (optional)

Every customer enquiry is important to us. By providing details about your business interests we can direct your enquiry to our most relevant team member.

Please don’t enter confidential information such as your bank account details here.
All fields are mandatory unless otherwise indicated as optional.

  1. 01 Completed Step 01
  2. 02 Current Step 02

Business size (optional)

Your business turnover

Your industry sector (optional)

Your market interest (optional)

Which international markets interest you?

Add your business interests

Please don’t enter confidential information such as your bank account details here.
All fields are mandatory unless otherwise indicated as optional.

Business size

Your business turnover

Your industry sector

Your market interest

Which international markets interest you?

Request a callback

  • Sorry

We’ve encountered a problem

We couldn’t send your message. Please try again, return later or call us on

+48 22 354 05 00

Request a callback

  • Thank you

We’ll be in touch

A Relationship Manager from HSBC Poland will give you a call within three business days.

Your interests

  • Business name:
  • Turnover:
  • Sector:
  • Location:
  • International markets:

Add your business interests

We won’t sell your data or misuse it. Read how we handle your details in our cookie policy.

Read in PDF format (PDF, 1.64MB)

 

Introduction

Adopted in 2007 and implemented in 2009, the Payment Services Directive (PSD1) aimed to create a single market for payments in the European Union, as well as provide a foundation for the Single Euro Payments Area (SEPA). Its main objective was to make cross-border payments as easy, inexpensive and secure as domestic payments.

However, as the digital economy developed, new services began to appear – services that lay outside of the scope of PSD1.

With the arrival of Payment Services Directive II (PSD2), these new services and their providers will be registered, licensed and regulated, increasing competition, providing more choices for customers, and encouraging lower prices for payments.

Further technical, security and authentication requirements will follow, however, PSD2 must be transposed into national law by member states by 13 January 2018.

Key Changes

PSD2 reflects significant changes to the payments market. These changes include:

Extended coverage

PSD2 will cover both intra-EEA (European Economic Area) payments, as well as 'One Leg Out' payments – such as when the beneficiary or originator is located outside the EEA.

Transaction charges

Payments in currencies where the originator and beneficiary are in EEA countries will use charge option 'SHA'. This means that transaction charges will be shared between the payer and payee.

Value dates*

PSD2 will impact the value dates given by banks. For transactions where payments are dealt in EEA currencies (or non-EEA currencies with some restrictions), the payment value date will be the date the bank receives the funds.

Regulation of Third Party Payment Providers (TPPs)

TPPs are Payment Service Providers who do not hold customer payment accounts. Under PSD2 there are two main types: Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs). PISPs will initiate a payment from a customer's bank account on their behalf, and AISPs will provide account aggregation services to customers. Under PSD2, banks are responsible for giving PISPs and AISPs access to a customer's account upon their consent.

Increased customer protection

There are some exemptions, but when using payment instruments and accessing online banking systems (even if read only), strong authentication can be required. There are limitations on charges, and increased obligations for the Account Servicing Payment Service Providers (ASPSPs) in case of loss or theft of a payment instrument.

Every time a payment is initiated, communications between all parties must be conducted in a secure way.

Key Roles: Who is Who?

Under PSD2, various institutions have a part to play. Use our diagram to help understand their roles1.

key roles

What is a PISP?

A PISP will be able to initiate payments on behalf of a customer from the customer's account with a bank (the ASPSP).

For example, someone making a purchase online can initiate a credit transfer via a PISP instead of using a debit or credit card. When customers choose this option, they agree to share their bank credentials with the PISP. The PISP then initiates a payment for the customer and the ASPSP will then execute the payment and debit the customer's account.

Under PSD2, a PISP must:

  • Have a PISP licence in their home country, and get passporting rights to operate in other European host countries.
    Not hold the payer's funds at any time, but only initiate payments in connection with the provision of the payment initiation service.
  • Ensure that the personalised security credentials of the customer are not accessible to any other parties, and that they are transmitted by the PISP through safe and efficient channels.
  • Ensure that any other information about the customer, obtained when providing payment initiation service, is only provided to the payee and only with the customer's explicit consent.
  • Ensure that every time a payment is initiated, communications between all parties are conducted in a secure way.
  • Not store sensitive payment data of the customer. Not request from the customer any data other than that which is necessary to provide the payment initiation service.
  • Not use, access or store any data for purposes other than for the provision of the payment initiation service as explicitly requested by the payer.
  • Not modify the amount, the recipient or any other feature of the transaction.

What is an AISP?

An AISP provides details on transactions and balances, and accesses account information.

With a customer's consent, AISPs will provide account aggregation services across different banks within the EEA to a customer, offering a view of multiple accounts in a single place. This means customers can have access to a comprehensive, aggregated view of their payment accounts via a single portal.

Under PSD2, an AISP must:

  • Have an AISP licence in their home country, and get passporting rights to operate in other European host countries.
  • Provide services only based on the customer's explicit consent.
  • Ensure that the personalised security credentials of the customer are not accessible to other parties, and that, when they are transmitted by the AISP, that it is done through safe and efficient channels.
  • Identify itself at each session to the ASPSP (ie bank) of the customer and securely communicate with the ASPSP and the customer.
  • Access only the information from the designated payment accounts and associated payment transactions.
  • Not request sensitive payment data linked to the payment accounts.
  • Not use, access or store any data for purposes other than for performing the account information service explicitly requested by the customer, in accordance with data protection rules.

Enhanced AISPs can also support personal financial management using spending and revenue patterns to help reach an individual's objectives.

As an example, a customer holding accounts in different banks across different countries can use an AISP to get consolidated reports of these accounts. These reports can provide various charts, such as an analysis of their expenses and revenues.

With the arrival of Payment Services Directive II (PSD2), these new services and their providers will be registered, licensed and regulated, increasing competition, providing more choices for customers, and encouraging lower prices for payments.

Impacts and Considerations

What is the impact of using a PISP in e-commerce activity?

When using an e-commerce website, the customer might be offered the opportunity to pay via a PISP service as an alternative to using a debit or credit card.

The customer must provide their consent to the PISP to initiate the payment from their payment account held by a bank, input their credentials as if they were connecting to an online banking service and select the particular payment account to be debited in favour of the merchant's account.

What is the impact of using an AISP to access accounts?

Customers can use AISPs to get a consolidated view of their accounts across various banks, including HSBC accounts. Customers must provide consent to an AISP for it to access their payment account. Following this, a bank will send the payment account data to the AISP.

Corporate opt-out

PSD1 and PSD2 are written with customer protection in mind, and as such, apply to both retail customers and corporate companies.

Since retail customers and corporate companies have different needs and requirements, PSD2 allows banks the option to use a 'corporate opt-out' for certain provisions.

Additionally, PSD1 and PSD2 contain an option for a member state to apply, or not apply, a particular article of the directive. For example, a country can have the option to classify microenterprises as 'corporates' or 'consumers'.

The Benefits

Increased transparency to payment fees and charges

  • Extended sharing of charges to non-EEA currencies within the EEA (Note: Due to the introduction of the shared charges requirement for intra-EEA payments in non-EEA currencies, the principle amount that is received may no longer be guaranteed).
  • Lower fees when replacing lost and stolen payments instruments such as cards or payment tokens.

Customer protection

If a customer reports to their bank an unauthorised transaction, then the customer, even when using a third party, will retain the 13-months refunds right. There is potential for HSBC to reduce this timeframe for corporate customers within contractual terms and conditions.

Enhanced security

PSD2 introduces strict security requirements and customer authentication applicable to payment accounts. This applies to all payment service providers, including newly regulated payment service providers. This stricter approach on security should contribute to reducing the risk of fraud for all remote and electronic payments and to protecting the confidentiality of the customer's financial data.

Efficient bank processing

  • Same day value date to credit a customer's account once the bank receives the funds (FX payments are subject to conversion).
  • D+1 refunds for unauthorised transactions prior to investigation, unless it is a fraudulent transaction.
  • 15 days service level agreement (SLA) for resolving PSD2 payment complaints – extended to 35 business days when external information is required.
  • Free option for the customer to report lost and stolen payment instruments.

Conclusion

Many in the industry believe PSD2 – along with Open Application Programming Interfaces (API) – will accelerate the digital economy in banking services.

Banks will need to open up legacy systems with APIs and, through the use of Open APIs, third-party developers will be able to build applications and services around the financial institution's systems. These applications and services will provide access to the traditional banking infrastructure. For customers, this will enable them to see and manage their finances through a portal not set up or maintained by their bank(s). Customers will also be able to move money between accounts when viewed in an aggregated format.

Implementing the directive doesn't mean customers and merchants will be able to take advantage of the benefits. Compelling propositions that help all parties do what they need to in a 'frictionless' way will make all the difference and that is where HSBC will be focusing its attention.

PSD2 should increase competition with new value propositions, services and solutions with the increase of online shopping and e-procurement.

As a leading payments provider, HSBC is looking forward to the new opportunities that PSD2 will bring, including service offerings that were not previously available to clients. We are currently working on our proposition for corporate clients and will be launching this in the near future.

*The value date is a reference date used by a provider for when the funds are available (in case of credit) or not available (in case of debit) in a customer's payment account.

1 Adapted from 'European Payments Council – PSD2 Explained'.

Issued by HSBC Bank plc (“HSBC”). HSBC does not warrant that the contents of this document are accurate, sufficient or relevant for the recipient’s purposes and HSBC gives no undertaking and is under no obligation to provide the recipient with access to any additional information or to update all or any part of the contents of this document or to correct any inaccuracies in it which may become apparent. The recipient is solely responsible for making its own independent appraisal of any investigation into the products, services and other content referred to in this document. This document should be considered in its entirety and shall not be photocopied, reproduced, distributed or disclosed in whole or in part to any other person without the prior written consent of the relevant HSBC group member. HSBC Bank plc is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. It is listed with the registration number 114216. HSBC Bank plc is a company incorporated under the laws of England and Wales with company registration number 14259 and its registered office at 8 Canada Square, London E14 5HQ. Copyright: HSBC Bank plc October 2017. ALL RIGHTS RESERVED.

You are leaving the HSBC Commercial Banking website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.

You are leaving the HSBC CMB website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.