PSD2 (Payment Services Directive)
The European PSD2 Payment Directive improves security through two-factor authentication and prevents unauthorised use
All the authentication procedures used by Bank Austria, CardTAN, MobileTAN SMS and MobileTAN Push already meet the two-factor requirements. What is new in PSD2 is that a second factor also has to be used upon login.
Aim of PSD2
To make EU money transfers more secure, and open up the market for new payment services - it should strengthen consumer protection, promote competition and guarantee neutrality in terms of technology and business models.
Questions & Answers
- More security for online banking: With two-factor authentication, you are prompted more often than before to enter a TAN and this makes you less open to fraud.
- Open Banking - “Access to Account”: With your explicit consent, given through your bank, you can allow third-party service providers technical access to your payment accounts, meaning that you can also use services from third-party service providers that require account information or include payment orders.
Two-factor authentication means combining two different and unrelated factors from the following categories:
- "Something you know" (something that only the user knows, e.g. a PIN),
- "Something you have" (something that only has the user, e.g. TAN),
- "Something you are" (something that is the user, e.g. biometric data such as a fingerprint),
that are used to authenticate a user electronically.
Two-factor authentication must be completed whenever you
- access your payment account online
- initiate an electronic payment transaction
- perform any action which might be open to abuse via remote access.
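As an added illustration (not the bank's or the directive's own code), the following Python sketch models the factor categories above and the actions for which a second factor is mandatory, including the rule that two factors from the same category do not count as two-factor authentication; the factor names and action labels are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum


class FactorCategory(Enum):
    KNOWLEDGE = "something you know"    # e.g. a PIN
    POSSESSION = "something you have"   # e.g. a TAN from a device only the user holds
    INHERENCE = "something you are"     # e.g. a fingerprint


@dataclass(frozen=True)
class Factor:
    name: str                 # label for the factor (assumed names, e.g. "PIN")
    category: FactorCategory
    verified: bool            # True only if this factor was checked successfully


# Actions the text lists as always requiring two-factor authentication
# (assumed action labels for this example).
SCA_ACTIONS = {"account_access", "payment_initiation", "remote_action"}


def is_two_factor(factors) -> bool:
    """True only if verified factors cover at least two *different* categories.

    A PIN plus a password are both "something you know" and do not qualify;
    a PIN plus a TAN (know + have) does. Unverified factors never count.
    """
    categories = {f.category for f in factors if f.verified}
    return len(categories) >= 2


def sca_required(action: str) -> bool:
    """Listed actions need SCA; unknown actions are treated as potentially open
    to abuse via remote access and therefore also need it (fail closed)."""
    return action in SCA_ACTIONS or action not in LOW_RISK_ACTIONS


# Actions assumed to be harmless read-only screens that need no second factor.
LOW_RISK_ACTIONS = {"view_terms"}


def decide(action: str, factors) -> str:
    """Return "allow" or "challenge" (i.e. prompt for a second factor)."""
    if not sca_required(action):
        return "allow"
    return "allow" if is_two_factor(factors) else "challenge"
```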
Banks have to provide third-party service providers with technical access to the payment accounts of their customers. Third-party service providers are other banks, FinTechs or miscellaneous payment providers, all of which must be registered with a European supervisory authority. Important: This access is only granted if the customer expressly informs the bank of their consent and/or this permission is requested afresh each time. As a customer, you have full control and can withdraw your approval in online banking at any time.
Details of third parties:
- Banks have to provide officially registered third-party providers, such as FinTechs or other banks, access through a secure interface to their customers’ account information, plus the ability to trigger payments via third-party providers.
- Account Information Service Providers (AISPs) receive account information such as account balance and turnover after your electronic approval through your bank.
- Payment Initiation Service Providers (PISPs) can trigger payment orders after your electronic authorisation through your bank. This means that they are sent to the bank for execution.
- Payment Instrument Issuer Service Providers (PIISs) may request the availability of a cash amount after electronic approval through your bank.