PSD2, also known as the revised Payment Service Directive, is a piece of legislation designed and used by countries of the European Union And the European Economic Area, so-called the EEA, to regulate their payment services and payment service providers. Although the first Payment Service Directive, implemented in 2009, has set out the legal foundation for uniform payment services, this legislation did not include new services that appeared with digital economy development. The new directive, known as PSD2, was proposed in 2013 to keep up with the emergence of digital innovations within the payments industry. PSD2 replaced the first Payment Services Directive in 2015 but fully came into force in January 2018. This new directive aims to increase competition, improve consumer protection, reinforce security in the payments market, provide more choices for customers, and encourage lower prices for payments. To increase customer protection and security in the payments market, when using payment instruments and accessing online banking systems, with some specific exemptions, PSD2 requires payment service providers to use strong authentication and common and secure communication principles. Also, to boost competitiveness and innovations, PSD2 brings new players, Third-Party Providers, also referred to as TTPs, into the payment value chain. This directive grants these new players equal opportunities to access consumers‘ financial data with other financial institutions and allows them to bring technological expertise and offer their ideas and solutions to the market. Under PSD2, there are two main types of TTPs:
- Payment Initiation Service Providers, also known as PISPs, are companies licensed to initiate payments on behalf of a customer from the customer’s account with a financial institution, usually a bank, under PSD2 known as the Account Servicing Payment Service Provider or the ASPSP.
- Account Information Service Providers, commonly called AISPs, are companies licensed to access a consumer‘s account held by financial institutions or so-called ASPSP when the consumer permits to do so.
What do AISPs do?
AISPs are authorized financial institutions that can only view the account information meaning that they cannot instigate payments or move money on behalf of their clients. AISPs can provide account aggregation services to customers across the EEA, delivering a view of multiple accounts in a single dashboard. Also, AISPs can only retrieve, store and consolidate any financial information, including the name and number of the account, balance, standing orders, direct debits, transactions, exclusively for analysis, aggregation, advisory and informational purposes. However, to retrieve consumers’ information, AISPs must have the permission of the individual or business that owns the account before being able to access the data. Consumers benefits by using an AISP to access accounts because they can time-efficiently and comfortably get a consolidated view of their accounts across various financial institutions despite where they are located – in their home country or other countries in the EEA. Having a comprehensive, aggregated view of their financial accounts allows users to take insights into their financial behavior, control their financial data, plan their spendings, and speed-up various financial services, such as taking credit or applying for loans.
How can AISPs access a customer‘s data?
First of all, under PSD2, customers must provide consent to AISPs to allow access to their payment account. As described in PSD2, ASPSPs must give AISPs access to account data via a secure communication channel upon their consent. The account data exchange between different parties is possible due to Application Programming Interfaces, known as APIs, whose utilization is also strictly governed by PSD2. Also, under PSD2, companies that want to be AISPs must have an AISP license in their home country and get passporting rights to operate in other EEA countries. AISPs must ensure to access only the information from the payment accounts and associated payment transactions and not use, access, or store any data for purposes other than performing the account information service requested by the customer. To find out more about AISPs, click the link: https://nordigen.com/en/products/account-information/