PSD2: the payments industry’s favourite acronym. You may already be familiar with the legislation (don’t worry if you’re not - we wrote an introduction to it here), and you’ll know that there are quite a few technical words thrown into the mix.
Today we’re diving a bit deeper and talking through the different acronyms that you’ll often hear in association with the legislation.
See this blog post as your PSD2 glossary - bookmark it, share it with your friends - you know the drill.
3DS - 3-D Secure
3-D Secure (3DS) is an additional method of security for preventing fraud during online payments. 3DS requires cardholders to provide additional verification when making a purchase, such as a password associated with an account, to prevent fraudsters from completing the transaction.
API - Application Programming Interface
An API is a set of clearly defined methods of communication between software components. In the context of PSD2 it means a clear and simple set of methods and documentation that will make it easy to exchange information and transactions between a bank, a gateway and a merchant. This will be a key enabler of open banking. A good example of clear, concise and predictable API documentation can be found here (link to developer.ravelin.com).
AISP - Account Information Service Providers
Account Information Service Providers (AISPs) will be able to extract a customer’s account information data including transaction history and balances, likely to offer tailored finance products and money-saving opportunities, e.g. Moven and Mint. Banks, fintech companies and non-traditional financial services companies currently have the capacity to develop AISP solutions, but banks will likely dominate over third-party providers.
EBA - European Banking Authority
The European Banking Authority is an EU Authority which works to ensure effective regulation and supervision across the European banking sector.
FCA - Financial Conduct Authority
FCA stands for Financial Conduct Authority, a regulatory body that regulates financial markets to protect consumers and provide a level playing field for the industry. The FCA ensures that the market is regulated and remains fair and effective, and also promotes competition.
KYC - Know Your Customer
Know Your Customer (KYC) is a way for a business to verify and identify an online customer. Banks are required to apply appropriate KYC measures to their customers, which may involve providing detailed information about a customer when opening an account or asking the customer to provide specific documentation to identify and verify them.
PSD2 - Payments Services Derivative 2
Payments Services Derivative 2 (PSD2) is a piece of European legislation that requires financial services to contribute to a more integrated and efficient payments ecosystem.
PSP - Payment Service Providers
Payment Service Providers (PSPs) are companies such as Stripe and Braintree. PSPs are payment gateways that offer online businesses their services for accepting and processing electronic payments.
RTS - Regulatory Technical Standards
The Regulatory Technical Standards (RTS) are the regulatory requirements set by the EBA to ensure that payments across the EU are secure, fair and efficient.
SCA - Strong Customer Authentication
Strong Customer Authentication (SCA) is the method of providing additional proof that you are you when purchasing a product. This step is highly effective at stopping fraudsters in their tracks, as the additional security measures mean they won’t be able to provide the proof.
Strong customer authentication (SCA) becomes mandatory for all electronic payments under PSD2, although the provisions relating to SCA will only apply from 18 months after the date of entry into force of the regulatory technical standards (RTS), which is expected in late 2019. SCA requires at least two of three categories of information for authentication:
- Knowledge - something the user knows, e.g., a password;
- Possession - something the user has, e.g., a mobile device;
- Inherence - something the user is, e.g., via a fingerprint.
At least one of the factors of authentication must be linked to the amount and payee.
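To make the two rules above concrete, here is an added example (not from the original post or from any PSD2 specification) that checks that the factors span two distinct categories and that the authentication code is tied to the amount and payee. Using an HMAC-SHA256 code from the possession factor as the linking mechanism is an assumption, and the factor names, key and payment details are constructed.

```python
import hashlib
import hmac

# Hypothetical factor names mapped to the three SCA categories listed above.
CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "mobile_device": "possession",
    "fingerprint": "inherence",
}


def satisfies_sca(factors):
    """True when the presented factors cover at least two distinct categories."""
    categories = {CATEGORY[f] for f in factors if f in CATEGORY}
    return len(categories) >= 2


def _message(amount_minor, currency, payee):
    # Length-prefix each field so different field splits cannot collide.
    fields = [str(amount_minor), currency, payee]
    return b"".join(
        len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields
    )


def auth_code(device_key, amount_minor, currency, payee):
    """Code produced by the possession factor, bound to amount and payee."""
    msg = _message(amount_minor, currency, payee)
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()


def approve(device_key, factors, code, amount_minor, currency, payee):
    """Approve only if SCA holds and the code matches this exact payment."""
    if not satisfies_sca(factors):
        return False  # e.g. password + PIN are both "knowledge"
    expected = auth_code(device_key, amount_minor, currency, payee)
    return hmac.compare_digest(expected, code)


# Constructed sample data: the customer approved 49.99 EUR to one payee.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"
CODE = auth_code(DEVICE_KEY, 4999, "EUR", "Example Shop Ltd")
```

A code issued for one amount and payee fails verification if either value is changed afterwards, which is the property the linking requirement is there to provide.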
TPP - Third Party Payment Service Providers
Third Party Payment Service Providers (TPPs), also known as third party processors, are processors that let you accept payments without a merchant account. A good example of a TPP is PayPal.
The advantage of TPPs is that they give consumers additional options to access their money without needing to directly interact with their bank. Under PSD2 regulation, TPPs need to ensure that there are structures in place to provide extensive security of information and consumer data that fit within the scope of the regulation standards.