It’s not unusual for EU Directives to arrive with a whole host of acronyms and terminology, and PSD2 is no exception. From AISP to XS2A there are some new terms, some terms that have a new meaning in this context, and some established payment terms it’s always worth having a reminder about.
FICO created a comprehensive glossary of 50 terms used within the PSD2 regulation, including such gems as EBA. Did you know EBA stands for the European Banking Authority, an independent EU body that has responsibility for developing the Regulatory Technical Standards and guidelines for PSD2? And then there’s the Euro Banking Association, an industry forum for the European payments industry.
You can find the full list on the official FICO website or access the PDF file directly here.
AISP – Account Information Service Provider An authorised entity that provides aggregation services related to payment accounts such as bank accounts. PSD2 allows AISPs authorised access to bank account data through an API. An example of a service an AISP could provide is personal financial management: a single platform where an account holder can log in to view and manage multiple bank accounts from multiple providers. AISPs can be existing banking providers or third parties.
ISO 20022 This is an international messaging standard for electronic data interchange between financial institutions. It is expected that ISO 20022 will be the standard deployed to enable the use of the APIs between the ASPSPs and the PISPs and AISPs.
KYC – Know Your Customer In the context of PSD2 Know Your Customer refers to the authentication needed to secure payments. This is managed either through Strong Customer Authentication or Transaction Risk Analysis. Further requirements are documented in the Fourth Money Laundering Directive.
Open Banking Refers to the opening up of banking systems to third parties to allow them to provide services directly to their joint customers. Open Banking is one of the main drivers of PSD2 (and other global open banking initiatives); the objective is to improve consumer choice and increase competition in the banking sector. Open banking will be achieved through the development of APIs. Also known as Access to Accounts (XS2A).
PAS 499 Managed by the British Standards Institute, PAS 499 is a planned UK code of conduct for enhanced identity and authentication online. It is being developed by the MIDAS alliance, an industry body in which FICO participates. The aim is to provide an acknowledged identity verification standard that can be referred to when implementing legislation including PSD2.
PISP – Payment Initiation Service Provider A regulated entity which allows customers to initiate payments without the customer needing to directly access their bank account or use a debit or credit card. PSD2 gives authorised PISPs access to bank accounts through an API. Payment Initiation Services can be provided by existing retail banks, payment service providers or by third parties.
RTS – Regulatory Technical Standard The Regulatory Technical Standard provides the rules by which PSD2 will be implemented. The European Banking Authority is responsible for the development of the RTS to meet the objectives of PSD2 as defined by the European Commission.
SCA – Strong Customer Authentication A methodology by which PSD2 looks to secure payments. Strong Customer Authentication aims to reduce payment fraud and is based on authenticating payment initiation using multiple factors that include inherence, possession and knowledge.
Secure Execution Environments Refers to a hardware element, such as a SIM Card, on a mobile device that is secure and can therefore be used to store sensitive data such as financial data and passwords. For PSD2 Secure Execution Environments are referenced in terms of providing independent environments to manage multiple factors for authentication separately even if on the same device.
XS2A – Access to Accounts This is a term, coined before Open Banking, which refers to access to payment accounts by third parties acting on behalf of the Payment Service User. The basic requirements are set by the European Banking Authority, which define how data from bank accounts is accessed for PSD2. It makes it mandatory for banks to set up access to bank account data via API, although there are multiple standards for APIs, including those from the Berlin Group, due for consultation in Q4 2017. This will enable consumers to log on to their bank accounts on a third-party provider’s platform without exposing their bank login data to that provider.