What is PSD2 and how will it impact payments?

25 June 2020

The revised Payment Services Directive, better known as PSD2, is a European regulation aimed at bringing increased competition, transparency and security in payment services.

What are the key areas that PSD2 covers?

On 13 January 2018, the second Payment Services Directive (PSD2) officially came into force across Europe, replacing the original 2009 regulations. PSD2 is a broad-reaching piece of legislation and aims at bringing increased competition, greater transparency and security across the European payments landscape.

The key areas of change are as follows:

  • Expanded the in-scope payments to include non-EEA currencies for payments within the EEA and so called ‘One Leg in/One Leg Out’ transactions (i.e. payments in and out of EEA countries from non-EEA countries)
  • Mandate the use of SHA charging for all payments within the EEA, irrespective of the currency of the payment
  • Standardisation of Complaint handling
  • Set minimum standards of Strong Customer Authentication (SCA) for payments and online banking services
  • Introduction of third party providers such as Payment Initiation Service Providers (PISPs) and/or Account Information Service Providers (AISPs) to pave the way for Open Banking.

The European Commission leaflet ‘Your rights when making payments in Europe’ PDF provides helpful information on PSD2.

Capturing a broader scope of payments

One of the fundamental changes is that more payments have been brought in-scope of PSD2. Previously, PSD1 only regulated payments within the EEA and in member state currencies (e.g. GBP, EUR, PLN etc). This changed with PSD2 to cover all payments regardless of currency, both, within the EEA and to/from EEA countries from/to non-EEA countries.

Effectively, there are three categories of payments which are in-scope of PSD2:

  • Payments in EEA member state currencies where both the Sending and Beneficiary Banks are based in the EEA
  • Payments in non-EEA member state currencies where both the Sending and Beneficiary Banks are based in the EEA
  • Payments where “one leg” of the payment (irrespective of the currency) is in the EEA i.e. either the Sending Bank or the Receiving Bank of the payment is based in the EEA. These are commonly known as “One Leg Out/One Leg In” transactions.

Each payment category has differing levels of requirements and obligations.

A key change is around the use of SHA charging. All transactions within the EEA can only have SHA charging (i.e. sender pays their bank’s charges and the beneficiary pays their bank’s charges), irrespective of the currency. The use of OUR (i.e. sender paying all bank charges) or BEN (i.e. receiver paying all bank charges) are no longer available for payments within the EEA.

The benefits of PSD2

PSD2 introduces a number of benefits for both corporates and clients alike:

  • Greater transparency around terms and conditions, FX rates and your account balances across multiple financial providers;
  • Greater security in the way that payments are accepted;
  • Increased competition between established providers and innovative new entrants to the market.

Third Party Access and Open Banking

PSD2 regulation created two new regulated entities, namely, Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs), also known as Third Party Providers (TPPs). Payment initiation and account information services provided through a TPP is commonly referred to as Open Banking.

Find out more about how Barclays can help you get to grips with Open Banking.

Requirement for Strong Customer Authentication (SCA)

A key requirement for PSD2 is to ensure that there are adequate security protocols in place to authenticate clients when using online platforms and services. These requirements are specifically linked to the Regulatory Technical Standards on Strong Customer Authentication and Secure Communication, which went live on 14th September 2019. At a high level, payments must be authorised by using at least two of the following authentication factors:

  • Knowledge (something only the user knows) – for example, a password
  • Possession (something only the user possesses) – for example, a smartcard
  • Inherence (something only the user is) – for example, a biometric fingerprint.

There is no impact for majority of the Barclays Corporate customers using the corporate banking channels for their online banking services as these channels are already compliant with the requirements for Strong Customer Authentication.

How does SCA apply to online/e-commerce Corporate Debit Card transactions?1

SCA provides more protection against fraud when making purchases online using your Corporate Debit Card. Instead of being asked for one factor of identification like a card number, SCA provides more protection as it uses two factors of identification (sometimes referred to as 2FA) to confirm it is you making the payment transaction online.

We have three ways you can confirm it's you:

  • PINsentry card reader – A PINsentry card reader generates a code to enter into the verification screen to help confirm it’s you. To use this, you’ll need to have your debit card and PIN to hand along with the card reader
  • One-time Password via SMS) - We’ll send you a one-time verification code to your UK mobile number, which you then enter into the verification screen to confirm it’s you. It’s important that we have your correct UK mobile number so you can confirm it’s you when you’re shopping online
  • Mobile PINsentry –If you are a personal customer with Barclays and have registered for the Barclays Mobile Banking App, you will be able to use the mobile PINsentry feature to authenticate your payment.

1 For online/e-commerce transactions in the UK, Strong Customer Authentication requirements must be implemented by March 2021.

Read related insights



Discover answers to some of the frequently asked questions regarding PSD2 and SCA.


Regulation in Review

New regulations are having a major impact on Corporate UK, with organisations requiring to make significant investments in their processes and systems.


Open Banking

What is it, and what does it mean for me?



Barclays works with you to deliver the solutions that expand your business possibilities.