Second level PSD2 – Changes in online banking from September 14, 2019 on

Second level PSD2 – Changes in online banking from September 14, 2019 on

The Second EU Payment Services Directive (Payment Service Directive 2 or PSD2) is causing major changes in online banking. Its implementation takes place in two different stages and started on January 13, 2018.

In this first stage, inter alia, the surcharching ban and the reduction of the strict liability limit for abusive card orders to 50 euros were included.

The second stage of implementation will take place on September 14, 2019. Below we have summarized the most important changes for you.

All the innovations of the PSD2 are aimed at increasing security in online banking and credit card payments.

Strong customer authentication

As of September 14, 2019, the so-called two-factor authentication applies to the banking application and thus replaces the print version of the iTAN (indexed TAN list) of the credit institutions in their validity.

The background is that payment orders such as transfers must be dynamically verified - the indexed one-time passwords of the iTAN contradict this requirement.

Payments must be confirmed by two independent characteristics. These may be associated with knowledge (such as a PIN), a possession (such as a TAN), or an inherence (such as a fingerprint).

Use of third party services

PSD2 also opens up payment transactions within the EU to third parties that do not necessarily have to be banks. The aim here is to expand competition and increase consumer protection through new solutions and security measures.

These third parties receive access to account (XS2A) to customer accounts, as well as the query of account information (SISPs) and the initiation of payments (PISPs). End customers are entitled to use regulated third party services under the Payment Services Supervision Act. This will allow customers to engage in payment initiation services, such as those offered on online shopping sites. Account sales and balance of different banks can be viewed through account information services.

Protection of customer data

The possibilities for open banking and new financial service providers are given by the PSD2 – but what about security issues, if banks are obliged to give third parties access to customer data?

Rohde & Schwarz Cybersecurity offers tailor-made solutions to meet regulatory requirements and to protect application programming interfaces (API). Our solutions protect customer data and thus ensure compliance with PSD2.

PSD2 in Switzerland

A central role of PSD2 is in increasing security requirement and liability regulations. The signal is to open banking and payments. Switzerland, as a non-EU member, is not obliged to implement the regulation – but a moderate, PSD2-based regulation is likely.

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

Marketing permission

I want to receive information from Rohde & Schwarz via

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to news@rohde-schwarz.com. Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.