Second level PSD2 – Changes in online banking from September 14, 2019 on

Second level PSD2 – Changes in online banking from September 14, 2019 on

The Second EU Payment Services Directive (Payment Service Directive 2 or PSD2) is causing major changes in online banking. Its implementation takes place in two different stages and started on January 13, 2018.

In this first stage, inter alia, the surcharching ban and the reduction of the strict liability limit for abusive card orders to 50 euros were included.

The second stage of implementation will take place on September 14, 2019. Below we have summarized the most important changes for you.

All the innovations of the PSD2 are aimed at increasing security in online banking and credit card payments.

Strong customer authentication

As of September 14, 2019, the so-called two-factor authentication applies to the banking application and thus replaces the print version of the iTAN (indexed TAN list) of the credit institutions in their validity.

The background is that payment orders such as transfers must be dynamically verified - the indexed one-time passwords of the iTAN contradict this requirement.

Payments must be confirmed by two independent characteristics. These may be associated with knowledge (such as a PIN), a possession (such as a TAN), or an inherence (such as a fingerprint).

Use of third party services

PSD2 also opens up payment transactions within the EU to third parties that do not necessarily have to be banks. The aim here is to expand competition and increase consumer protection through new solutions and security measures.

These third parties receive access to account (XS2A) to customer accounts, as well as the query of account information (SISPs) and the initiation of payments (PISPs). End customers are entitled to use regulated third party services under the Payment Services Supervision Act. This will allow customers to engage in payment initiation services, such as those offered on online shopping sites. Account sales and balance of different banks can be viewed through account information services.

Protection of customer data

The possibilities for open banking and new financial service providers are given by the PSD2 – but what about security issues, if banks are obliged to give third parties access to customer data?

Rohde & Schwarz Cybersecurity offers tailor-made solutions to meet regulatory requirements and to protect application programming interfaces (API). Our solutions protect customer data and thus ensure compliance with PSD2.

PSD2 in Switzerland

A central role of PSD2 is in increasing security requirement and liability regulations. The signal is to open banking and payments. Switzerland, as a non-EU member, is not obliged to implement the regulation – but a moderate, PSD2-based regulation is likely.

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

Autorizzazione al marketing

Desidero ricevere informazioni da Rohde & Schwarz tramite

Cosa significa nello specifico?

Accetto che ROHDE & SCHWARZ GmbH & Co. KG e l’entità ROHDE & SCHWARZ o l’azienda controllata riportata nelle note legali di questo sito web, potrà contattarmi tramite il canale prescelto (e-mail o posta) per scopi di marketing e pubblicità (ad es., informazioni su offerte speciali e sconti) in relazione a, in via non limitativa, prodotti e soluzioni del settore di collaudo e misurazione, comunicazioni sicure, monitoraggio e collaudo di rete, trasmissione, media e sicurezza informatica.

I tuoi diritti

La presente dichiarazione di consenso può essere revocata in qualsiasi momento inviando una e-mail con oggetto “Annulla iscrizione" all’indirizzo In più, in ciascuna e-mail pubblicitaria inviata sarà allegato un link per annullare l’iscrizione. Nella ”Dichiarazione di riservatezza” vengono definiti ulteriori dettagli sull’utilizzo dei dati personali e sulla procedura di ritiro.

La tua richiesta è stata ricevuta. Ti ricontatteremo a breve.
An error is occurred, please try it again later.