The second part of the DSP2 Directive (Payment Services Directive) aims to enhance the level of payment security and protect consumers by imposing strong authentication procedures for access to accounts and payment transactions.
- Enhance the security of your means of payment
- Process your data more securely
- Facilitate the use of data through payment service providers
To guarantee better verification of your identity during transactions carried out on your remote bank’s portal, the DSP2 directive makes "strong authentication" compulsory throughout Europe; a new way of authenticating online payments. This directive generalises the implementation of a strong double factor authentication (the combination of your password with your fingerprint or with a code sent to your phone for example).
Strong authentication, a mechanism established by the regulations
You will be asked for this authentication procedure:
- Every 90 days for access to accounts
- For each so-called "sensitive" transaction (changing your password, adding a beneficiary, making a transfer, etc.)
It requires the use of at least two out of the three authentication methods listed below:
- Information that only you know: password, secret code, etc.
- A device that belongs to you: mobile phone, tablet, etc.
- A “biometric” characteristic: voice, fingerprint, retina…
DSP2 and Open Banking
DSP2 also provides a regulatory framework for PSPs (Payment Service Providers) which are account aggregators and payment initiators which were not previously regulated, and makes it possible to carry out their activities in a secure manner:
Who are these Open Banking players?
- Account aggregators which allow you to view all your accounts opened in different banking establishments on a single interface. They allow you to view the history of operations or even manage a budget.
- Payment initiators, which allow the customer to initiate a payment from one of their bank accounts.
Banks must make distribution channels available free of charge to allow only approved PSPs that have received express consent to access the accounts of a common customer.
If you are an authorised payment service provider, our developer portal is at your disposal.
In this dedicated space, you will find the documentation necessary for the implementation of your access to the payment accounts authorised by your customers.