Prepare for the transition from PSD2 to PSD3 regulation

The European Commission has published draft legislation for the third Payment Services Directive (PSD3). Proactive businesses are learning from the implementation of PSD2 to prepare for PSD3 compliance.

PSD3 legislation in the UK

Whilst the UK is no longer technically obligated to follow EU legislation, the UK and EU payments industry is so intertwined that the UK is likely to come under pressure to review and calibrate our equivalent domestic rules with PSD3. The widely-held expectation is that UK regulators will review PSD3 legislation ahead of its implementation and announce equivalent UK rules to achieve the same, if not better, outcomes for the UK payments industry.

So, how does PSD3 change things for EU firms and what can UK businesses expect when the regulations come into force?

From PSD2 to PSD3: What to expect from the proposed regulatory changes

The review process mandated by the European Commission’s PSD2 regulation has led to the development of the PSD3 draft proposal, which will evolve requirements for prioritising consumers’ interests, security and trust.

What are some of the developments that have triggered the need for changes from PSD2 to PSD3?

Since the introduction of PSD2 in 2019, the payment services market has seen significant changes. These include the phenomenal growth of electronic payments, the entry of new fintech players, the emergence of open banking and new use cases like instant payments, contactless payments, crypto payments, Buy Now Pay Later (BNPL), embedded finance and Request to Pay.

The EU Commission opened consultations into revisions for PSD2 in May 2022 to measure and review the impact of PSD2 and consider developments in the payments landscape since the introduction of PSD2. As a result of the evaluation, which included advice from the European Banking Authority (EBA), a general and targeted public consultation and a report from an independent consultant, the European Commission decided to propose amendments to PSD2.

What are the main proposals for PSD3?

The proposals can be summarised into six blocks:

Fraud Mitigation

The proposals include the extension of refund rights for fraud victims, the implementation of a robust system for Identity Verification, such as matching International Bank Account Numbers (IBANs) with account names, reinforcing customer authentication protocols, and enabling the sharing of fraud-related information among Payment Service Providers (PSPs) based on a legal framework.

Fairer Competition

To promote price competitiveness, PSPs will be granted access to all European Union (EU) payment systems. At the same time, payment and e-money institutions will gain secure access to bank accounts, fostering a level playing field among financial service providers.


E-money and payment institutions will be unified under a single, directly-enforceable regulatory regime applicable to all PSPs, ensuring a more straightforward and consistent framework.

Cash Availability

Measures will enhance the availability of cash through shops and cash machines (ATMs), enabling retailers to offer cash services without requiring a purchase, and providing clarity on regulations governing independent ATM operators.

Consumer Rights

The proposals aim to strengthen consumer rights by enhancing the transparency of account statements, addressing issues related to fund blockages, and providing clear guidelines on ATM charges, ensuring that consumers have better protection and understanding of their financial rights.

Open Banking Improvements

Dedicated Application Programming Interfaces (APIs) for data access will help eliminate the dual interface requirement for banks. This will support contingency data access for uninterrupted business operations, help establish consumer dashboards for managing data access rights, and expand access to financial data beyond payment account information.

How does LexisNexis® Risk Solutions enable businesses to effectively meet PSD2 requirements?

We support and simplify your PSD2 strategy to help meet customer expectations for payment safety, speed and convenience. We automate customer authentication (SCA) decisions to support an efficient, strong and PSD2-compliant process. Our suite of solutions helps businesses recognise trusted users and spot suspicious anomalies in near real-time, through passive authentication that supports convenient digital interactions by utilising multi-dimensional digital, physical and behavioural identity intelligence.

Device Binding

Ensure persistent and secure device recognition with LexisNexis® ThreatMetrix®, which leverages Strong ID to create a cryptographic binding with a customer’s web, mobile browser or app session, to meet SCA possession-based compliance for PSD2.

Mobile App Authentication

Streamline step-up authentication for known/trusted devices using a secure mobile banking app to authorise a desktop or mobile browser transaction with LexisNexis® Push Authentication.

Behavioural Biometrics

Evaluate how a user interacts with a device, webpage or application in real-time to dynamically differentiate between a legitimate customer, a bot or a fraudster, with LexisNexis® BehavioSec®.

Transaction Risk Assessment

Improve transaction risk assessment by harnessing the power of global shared intelligence through the LexisNexis® Digital Identity Network® with access to data from billions of annual transactions across diverse industries.

Risk factors are collected, monitored and assessed through the LexisNexis® Dynamic Decision Platform which provides enhanced authentication, identity verification and fraud decisioning. This enables organisations to maximise insights and data to make the most appropriate risk decisions for PSD2 compliance and fraud prevention, while proactively identifying SCA exemption scenarios to keep trusted payments on track.

Frequently asked questions

PSD2, or the Second Payment Services Directive, is a regulatory framework introduced by the European Union around 2019 to enhance security, innovation and competition in the payment services industry. Some of the main requirements of PSD2 include the implementation of strong customer authentication (SCA), open banking APIs and the establishment of new roles such as Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).

Strong customer authentication (SCA) mandates the use of multi-factor authentication to verify the identity of any consumer accessing their account online, initiating an electronic transaction or executing other high-risk transactions through a remote channel that might carry a risk of fraud. Multi-factor authentication requires that the customer can correctly present two out of three identifying factors:

PSD2 applies to a wide range of entities involved in payment services, including banks, payment service providers, fintech companies, and third-party providers. The regulation aims to create a level playing field and ensure a secure and efficient payment ecosystem for consumers and businesses.

One of the significant achievements of PSD2 is the promotion of open banking, enabling consumers to share their financial data securely with authorised third-party providers. This has led to increased competition, innovation, and the development of new services and products in the financial industry.

PSD2 allows for the integration of new third-party providers (TPPs) such as Payment Initiation Service Providers (PISPs), Account Information Service Providers (AISPs), and Card Issuer Service Providers (CISPs). This integration enables organisations to offer more seamless and innovative payment options to their customers.

Securing digital payments for Card Not Present (CNP) transactions with Strong Customer Authentication (SCA) has also resulted in a notable decline in card-not-present fraud, according to the European Central Bank.

Experience how LexisNexis® Risk Solutions can help your organisation to prevent identity fraud while providing a seamless customer experience
