If your business handles online payments in Europe or serves customers who live there, you’ve likely heard of PSD2.
VELLIS NEWS
14 Jul 2025
By Vellis Team
Vellis Team
Automate your expense tracking with our advanced tools. Categorize your expenditures
Related Articles
Vellis News
1 April 2025
The Automated Clearing House (ACH) is the backbone of electronic payments in the U.S., handling direct deposits, bill payments, and business transactions. This network processes billions of ACH payments each year, connecting over 10,000 financial institutions.
Vellis News
19 May 2025
In today’s world, a fee-for-service in healthcare can neatly be explained as a payment model where providers are reimbursed for each individual service, test, or procedure they perform.
Vellis News
27 March 2025
A digital wallet, or e-wallet, is a virtual version of a physical wallet that securely stores payment methods like credit cards, cryptocurrencies, and gift cards. It simplifies online and in-store purchases using technologies like QR codes and Near Field Communication (NFC).
PSD2, or the Second Payment Services Directive, is a European regulation that aims to make electronic payments more secure, competitive, and innovative. It sets strict standards for authentication, opens up banking data to third-party providers (with user consent), and pushes businesses to modernize their payment infrastructure.
Whether you’re an e-commerce store, fintech startup or an international brand accepting European payments, understanding PSD2 compliance is essential. This guide breaks down what PSD2 covers, how it works, who it affects, and what you should be doing to comply.
What is PSD2 really? Introduced by the European Commission and came into force in 2018, PSD2 replaced the original Payment Services Directive (PSD1) from 2007. The upgrade was necessary: the digital economy had evolved dramatically, and regulators needed to catch up.
The goal is to create a more integrated European payment market, strengthen consumer protections, and lay the groundwork for open banking. With PSD2, the EU aimed to remove barriers to innovation, level the playing field for new entrants, and crack down on fraud.
Though it’s an EU regulation, the ripple effects of PSD2 are global. If you’re based outside the EU but sell to EU customers, PSD2 compliance may still apply.
PSD2 focuses on three major goals.
PSD2 allows third-party providers (TPPs) to access bank account information (with customer permission), which encourages innovation from fintechs and startups.
Strong Customer Authentication (SCA) is now a requirement for many online transactions, making fraud more difficult and payments more secure.
Businesses must clearly disclose fees, charges, and exchange rates – no more hidden surprises.
This regulation applies to any organization offering payment services in the EU or handling EU customer data, which includes global platforms, marketplaces, and even app-based fintech companies.
So, what is PSD2 compliance in practice? Here are the core elements your business must consider:
SCA requires multi-factor authentication (at least two of the following: something the customer knows, has, or is). This applies to most online card payments unless they fall under certain exemptions (e.g., low-value or recurring transactions).
Banks must open up their systems to licensed TPPs, allowing these providers to retrieve account data or initiate payments on behalf of customers with explicit consent.
Businesses acting as AISPs (Account Information Service Providers) or PISPs (Payment Initiation Service Providers) must be licensed and follow strict data and security protocols.
Meeting PSD2 compliance involves technical integrations (like API access), reworking user flows (to accommodate SCA), and staying up to date with regulatory changes.
PSD2 affects industries differently, but the impact is widespread:
For global businesses, PSD2 compliance adds complexity. You’ll need to support authentication standards in EU markets while managing different rules elsewhere.
While PSD2 may seem like a headache at first, it brings several long-term benefits:
PSD2 created an entirely new category of financial service providers:
These TPPs must be licensed and regulated by national financial authorities in the EU. Banks are required to provide secure, standardized APIs to connect with them.
For businesses, the bridge between traditional banks and TPPs is often built by payment processing providers. These partners help ensure that transactions, data, and security requirements are managed according to PSD2 standards.
Let’s clear up a few common myths about PSD2.
Not true; if you serve customers in the EU, PSD2 applies.
Fraud prevention is key, but PSD2 is also about enabling a more open and competitive market.
Not necessarily. PSD2 requires full SCA across different payment types and flows, not just credit card layers.
Unless your transactions qualify for exemptions, SCA is a mandatory part of compliance.
SD2 represents a major shift in how payments work across Europe and beyond. It’s a call for more transparency, tighter security, and broader access to financial systems. As the landscape continues to evolve with real-time payments, PSD2 compliance evolving across borders, and even conversational AI for finance, it’s important to stay agile and informed.
Any business that processes payments for EU customers is potentially subject to PSD2 compliance.
The main PSD2 rules took effect in 2019, with phased extensions for Strong Customer Authentication (SCA) into 2020–2021.
Yes, international businesses serving EU-based customers must comply with PSD2 requirements.
They are required to provide open APIs for third-party access and enforce strong customer authentication protocols.
Non-compliance can lead to regulatory fines, service restrictions, and potential disruption of payment operations.
European Commission. (2015). Directive (EU) 2015/2366 on payment services in the internal market (PSD2). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32015L2366
European Banking Authority. (2020). Final Report on Draft Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication under PSD2. https://www.eba.europa.eu/eba-publishes-final-report-on-draft-rts-on-strong-customer-authenticationDeloitte. (2019). PSD2: Opening the door to innovation in payments. https://www2.deloitte.com/uk/en/pages/financial-services/articles/psd2.html
Ready to transform your financial management?
Sign up with Vellis today and unlock the full potential of your finances.
Related Articles
Vellis News
1 April 2025
Whether it’s conducting important international transactions, playing a fun game on a PC, or doing online shopping, every business wants and needs to enable safe and tangible transactions. However, certain businesses and industries are characterized as high-risk, hence they are prone to fraudulent activities, chargeback, and regulatory problems.
Vellis News
11 April 2025
Sprucing technological advancement in a broad spectrum of business has made global e-commerce rise. Global e-commerce, put plainly, represents the sale of goods and services to international customers through various cutting-edge digital platforms.
Vellis News
19 May 2025
In today’s world, a fee-for-service in healthcare can neatly be explained as a payment model where providers are reimbursed for each individual service, test, or procedure they perform.
We use cookies to improve your experience and ensure our website functions properly. You can manage your preferences below. For more information, please refer to our Privacy Policy.
PCI DSS-certified and listed on Visa’s Global Registry – verified security you can trust.
© 2025 Vellis Inc.
Vellis Inc. is authorized as a Money Services Business by FINTRAC (Financial Transactions and Reports Analysis Centre of Canada) number M24204235. Vellis Inc. is a company registered in Canada, number 1000610768, headquartered at 30 Eglinton Avenue West, Mississauga, Ontario L5R3E7, Canada.