PSD2 Directive

Are you ready for open banking? Data security in payment transactions.

What you need to know about PSD2 requirements

PSD2 paves the way for open banking and offers new opportunities to both established and young financial service providers. At the same time, new challenges are emerging, especially with regard to security. Banks are obliged to grant external providers access to their customers' data. They must therefore invest in APIs that enable such access.

Benefits of our solutions for PSD2 compliance

  • Protection of customer data and compliance with PSD2.
  • Effective protection of application programming interfaces.
  • Implementation of powerful mechanisms for customer data security and authentication.

Cybersecurity solutions to comply with the Second Payment Services Directive

To protect customer data, APIs need security . To this end, PSD2 provides for new technical regulatory standards (RTS). To help our customers become PSD2 compliant, we provide web application firewalls, tailored to the new regulatory requirements.

The PSD2 Directive revolutionizes banking services. Banks throughout the European Union have to pass on their customers' data to external financial service providers if customers allowed them doing so. The PSD2 thus leads to more competition in online financial services and paves the way for Open Banking. The latter is a system that gives users more freedom to choose services. Customer data must be available in a secure and reliable manner by application programming interfaces (APIs). Rohde & Schwarz Cybersecurity offers intelligent solutions that protect your customers' APIs from cyber attacks on personal data and vulnerable online services.

"The opportunities for open banking and new financial service providers are now possible with the PSD2 directive – but what about security when banks are obliged to give third parties access to customer data? Rohde & Schwarz Cybersecurity offers solutions to meet the regulatory requirements. These solutions protect application programming interfaces (API), secure customer data and ensure compliance with PSD2."

If you have further questions please contact us.

Second level PSD2

Second level PSD2 - changes in online banking from September 14, 2019 on

Do you have questions about the PSD2 directive? We recommend our news article.

The Second EU Payment Services Directive (Payment Service Directive 2 or PSD2) is causing major changes in online banking. Its implementation takes place in two different stages and started on January 13, 2018.

Featured PSD2 content
White paper: How to protect your Application Programming Interfaces

In this white paper you will learn about the Top 10 most critical API security risks and how to get an overall robust protection of your APIs.

Register now

Webinar: Protecting against the Top 10 most critical API security risks

In this webinar our experts present the top 10 most critical API security risks and how to reach a optimal API security level.

Register now

What does the PSD2 mean?

The "Second Payment Services Directive" (PSD2) applies within the EU to make cashless payments more secure, better protect customer data and generally make data transfers over the internet more secure.

What changes will the PSD2 directive bring for companies?

Enterprises are prohibited from charging fees for payments by credit card, SEPA direct debit or bank transfer. Furthermore, their payment services must be PSD2-compliant. This means that companies are only allowed to work with so-called payment-triggering services that are subject to and licensed by the German Federal Financial Supervisory Authority (BaFin) or the supervisory authority of another EU country.

What does "two-factor authentication (2FA)" mean?

Customers must confirm an online purchase by means of two security features, which must come from two different areas. This can be something that only the customer knows, such as a password or PIN. Something that a customer owns, such as a mobile phone, an EC or credit card or the TAN generator. Alternatively, something personal like the customer's fingerprint, his iris or voice.

What sanctions are there for companies that do not implement the PSD2 regulations?

If you offer payments that are not PSD2-compliant or work with payment service providers or platforms that are not licensed by a European supervisory authority, you are threatened with fines. In addition, competitors may claim damages, as non-compliance with the PSD2 regulations is considered a breach of competition.

Your monthly cybersecurity update

Your monthly cybersecurity update

Contact Us

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

Marketing permission

I want to receive information from Rohde & Schwarz via

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error has occurred, please try again later.