What Is PSD2 and How Does It Affect UK Banking?

PSD2: The Regulation That Opened UK Banking

The Second Payment Services Directive (PSD2) is European Union legislation that came into effect in 2018, fundamentally changing how banks must handle customer data and payment services. Although the UK has now left the EU, PSD2 was implemented into UK law and its provisions continue to shape British banking through domestic regulations.

What PSD2 Required Banks to Do

PSD2 mandated that banks provide open APIs — standardised technical interfaces allowing authorised third-party providers to access customer account data (with customer consent) and initiate payments directly from bank accounts. This was the regulatory foundation for Open Banking in the UK.

Two Types of Third-Party Providers

• Account Information Service Providers (AISPs): Apps that read your account data to provide services — budgeting tools, financial aggregators, credit scoring services
• Payment Initiation Service Providers (PISPs): Services that can initiate payments directly from your bank account — paying a bill without entering card details, or paying online retailers directly from your current account

Strong Customer Authentication (SCA)

PSD2 introduced Strong Customer Authentication — requiring two of three factors (something you know, something you have, something you are) for online payments. This is why you now receive more frequent authentication challenges when shopping online. SCA has significantly reduced card fraud on digital transactions.

Post-Brexit UK Position

The UK retained PSD2's principles through the Payment Services Regulations 2017, which remain in force. The UK government has been developing a domestic Smart Data framework that builds on Open Banking — potentially going further than PSD2 by extending data-sharing obligations to other sectors.