PSD2 Access to Bank Accounts
The revised Payment Services Directive (EU 2015/2366, also known as PSD2) came into force on 12 January 2016 and for most of the provisions, Member States had until 13 January 2018 to implement them into national laws.
The most debated and impactful parts of PSD2 are related to the provisions on Strong Customer Authentication (SCA) for online payments and on the introduction of new 'payment initiation and account information services', operated by Third Party Providers (TPPs). The PSD2 security measures related to TPP account access and to SCA are more detailed in the EBA RTS (European Banking Authority Regulatory Technical Standards) and enter into force on 14 September 2019.
Based on the PSD2 and EBA RTS requirements, Berlin Group NextGenPSD2 has worked on a detailed 'Access to Account (XS2A) Framework' with data model (at conceptual, logical and physical data levels) and associated messaging.