PSD glossary: An overview of industry acronyms

PSD2 is the payments industry’s favorite acronym – though PSD3 is likely to take over in the years to come.

You may already be familiar with the European Union's PSD legislation and what PSD2 means to merchants and their customers. And you’ll know that there’s quite a few technical words thrown into mix.

Today we’re diving a bit deeper and talking through the different acronyms that you’ll often hear in association with the legislation.

See this blog post as your PSD2 glossary - bookmark it, share it with your friends - you know the drill.

3DS - 3-D Secure

3-D Secure (3DS) is an additional method of security for preventing fraud during online payments. 3DS requires cardholders to provide additional verification when making a purchase, such as a password associated to an account, to prevent fraudsters from completing the transaction. Merchants can buy 3DS server solutions to implement this, or otherwise do 3DS through PSPs.

API - Application Programming Interface

An API is a set of clearly defined methods of communication between software components. In the context of PSD2, it means a clear and simple set of methods and documentation that will make it easy to exchange information and transactions between a bank, a gateway and a merchant. This will be a key enabler of open banking. A good example can be found here (link to developer.ravelin.com) of a clear, concise and predictable API documentation.

AISP - Account Information Service Providers

Account Information Service Providers (AISPs) will be able to extract a customer’s account information data including transaction history and balances, likely to offer tailored finance products and money-saving opportunities, e.g. Moven and Mint. Banks, fintech companies and non-traditional financial services companies currently have the capacity to develop AISP solutions, but banks will likely dominate over third-party providers.

EBA - European Banking Authority

The European Banking Authority is an EU Authority which works to ensure effective regulation and supervision across the European banking sector.

FCA - Financial Conduct Authority

The FCA stands for Financial Conduct Authority, and it is a regulatory body that regulates financial markets to protect consumers and provide a level playing field for the industry. The FCA ensures that the market is regulated and remains fair and effective and also promotes competition.

KYC - Know Your Customer

Know Your Customer (KYC) is a way for a business to verify and identify an online customer. Banks are required to apply appropriate KYC measures to their customers, which may be providing detailed information about a customer when opening an account or asking to provide specific documentary to identify and verify the consumer.

PSD2 - Payments Services Directive 2

Payments Services Directive 2 (PSD2) is a piece of European legislation that requires financial services to contribute to a more integrated and efficient payments ecosystem.

PSD3 - Payments Services Directive 3

Expected to come into effect in 2027, PSD3 is a set of new rules by the EC to further modernize the digital payments landscape on the continent.

PSR - Payments Services Regulation

The Payment Services Regulation looks to adopts some of PSD2 into a Regulation – which allows for more consistent application across countries and does not need to be transposed into member state law.

PSP - Payment Service Providers

Payment Service Providers (PSPs) are companies who support merchants in accepting and processing electronic payments.

RTS - Regulatory Technical Standards

The Regulatory Technical Standards (RTS) are the regulatory requirements set by the EBA to ensure that payments across the EU are secure, fair and efficient.

SCA - Strong Customer Authentication

Strong Customer Authentication (SCA) is the method of providing additional proof that you are you when purchasing a product. This step is highly effective at stopping fraudsters in their tracks as they additional security measures mean they won’t be provide the proof.

Strong customer authentication (SCA) is mandatory for all electronic payments under PSD2. SCA requires at least two of three categories of information for authentication:

• Knowledge - something the user knows, e.g., a password
• Possession - something the user has, e.g., a mobile device
• Inherence - something the user is, e.g., via a fingerprint

At least one of the factors of authentication must be linked to the amount and payee.

TPP - Third Party Payment Service Providers

Third Party Payment Service Providers (TPPs), also known as third party processors are processors that let you accept payments without a merchant account. A good example of a TPP is PayPal.

The advantage of TPPs is that they allow consumers with additional options to access their money without needing to directly interact with their bank. Under PSD2 regulation, TPPs need to ensure that there are structures in place to provide extensive security of information and consumer data that fit within the scope of the regulation standards.