Harness the power of your data
Support and investigations
Support services for Ravelin
Online payment fraud
Deep dives on fraud & payments topics
API & developer docs
APIs, glossary, guides, libraries and SDKs
Global Payment Regulation Map 2022
Track PSD2 & more with a full report
The latest fraud & payments updates
In-depth guides to fraud, payments &
Discover the story about Ravelin
Join our dynamic team
Read more about our happy customers
Join our partner programme
Support & investigations
Global Payment regulation map 2022
In-depth guides to fraud, payments & security
Read more about our happy custmomers
The ultimate guide to PSD2, 3D Secure, strong customer authentication, risk analysis and managing exemptions
Get your free copy in your inbox now
The Revised Payment Services Directive (PSD2) is a set of laws and regulations for payment services in the European Union (EU) and the European Economic Area (EEA). It’s been around for a while - it was passed in 2015 - but the most important aspects for online payments come into effect in stages from 2019 all the way through to 2022.
A lot has happened since PSD1 was passed in 2007. Apple have released 18 versions of the iPhone, scientists have cloned human cells... and Europe’s online payments have been rocked by market developments. Read more detail on the background here and read on for a summary of the major trends...
The European Central Bank (ECB) recorded a 66% increase in card not present fraud (online payment fraud) between 2011-2016, which was the main reason behind why fraud overall increased by 35%. Online fraud now makes up 73% of fraud in Europe and this is steadily rising.
Application Programming Interfaces (APIs) allow different systems to talk to each other. APIs are fundamental to the success of companies like Amazon, Google, Uber, Stripe, Braintree etc. and they’ve supported the creation of whole new business models, including fintechs. APIs will provide the means for banking and payments to become more open.
Since PSD1 there has been growth and innovation in the digital payments market with a whole host of new fintech players. So far, these new business types have not been fully regulated and agreements have been somewhat ad-hoc. PSD2 will provide standards and structure and allow these new companies to access customer bank accounts.
PSD2 is part of a wider legislation which has a whole range of implications for banks, payment providers, third party providers and consumers - more detail on far-reaching effects in this podcast. On this page we’ll focus on the changes to online payments and how they will affect online sellers and payment providers.
PSD2 aims to secure digital payments and expand the financial ecosystem
Most online payments in the EEA will require strong customer authentication. This means two-factor authentication which meets the European Banking Authority (EBA) requirements - we’ll come back to this later.
Any company providing payment services in the EU will require a payment license and be authorised and registered by the EBA.
Opening up of bank data to make room for new players, including two new kinds of third party providers (TPPs):
Under PSD2, strong customer authentication is required on all payer-initiated transactions when both the card issuer and acquirer are within the EEA. If only one of the two is within the EEA, SCA is not required - so a business based in the US with a US bank would not be required to enforce strong authentication. This type of transaction is called 'one leg out'.