COVID-19 AWARENESS: Xcina Consulting is open and operating, as usual, and here to support organisations during these challenging times. We are available to provide risk assurance and advisory services to help navigate the challenges of the new ways of working. Contact Us
Menu Close

PSD2, Customer authentication rules apply from 14th September 2019


  • Originally introduced in 2007, the Payment Services Directive, “PSD” sets out the regulatory requirements for firms that provide payment services.
  • Established to create a single market for payments in the EU, create a platform for the single Euro payments and in general, protect consumers rights when making payments.
  • Published on 23rd December 2015, came into effect on the 13th January 2018.
  • Key objective: to contribute to a more effective and integrated payments market, make online and cross border payments safer and more secure, protect consumers and improve the level playing field for payment services providers.


  • Access to customer account information – Account aggregators and other financial technology companies gain access to customer payment account information by 14th March 2019
  • Liability to be shared between Payment Services Providers for incorrect or late payments with each Payment Services Provider being liable for issues with their part of the transaction.
  • Transparency of payments and charges – both the payer and payee in a transaction are entitled to receive information, before the payment is processed about the charges applied to transactions from their respective Payment Services Provider.
  • Customer authentication – stronger customer authentication rules and procedures for the identification and validation of the customer and the authorised third party service provider, specifically for remote electronic payment transactions from 14th September 2019.
  • The European Banking Authority, EBA was tasked with developing technical standards to support PSD2, including developing standards on stronger customer authentication and common and secure requirements for communication on customer authentication and notification and information between account servicing payment service providers, payment initiation service providers, account information service providers, payers and payees.
  • The FCA has recently issued policy statement PS18/24 (19th December 2019) reflecting these PSD” Rule changes.


  • Effective from 13th January 2018
  • 01.01.19 – Payment Services Providers must record fraud statistics from 1st January 2019.
  • 14.03.19 – Access to customer information for all account aggregators and other financial technology companies
  • 14.09.19 – Customer authentication rules apply
  • Additional Technical Standards following on a continued basis through to Q3, 2019

Next Steps

  • Additional Regulatory Technical Standards “RTS” to follow through the European Banking Authority
  • Technical Standards and Guidelines continue to develop, further updates and implementing guidelines to follow before Q3, 2019.

The following RTS are of focus by the EBA:-

  • Guidelines on Complaints Handling (ESMA and EBA)
  • Guidelines on Home and Host Cooperation under PSD2
  • Guidelines on Fraud Reporting under PSD2