• Gemalto is now part of the Thales Group, find out more.

Open Banking and PSD2 - Secure innovative services via Open API

​​​Ecommerce is now a fact of life. Whether buying groceries with one click on Amazon or ordering a taxi on your phone with Uber, customers around the world increasingly rely on the convenience of online services. 

In the banking sector, innovative services based on open data are cropping up too. 

New third-party actors like account information service providers (AISPs), which provide consumers with visibility across all their banking accounts via a single app, and payment initiation service providers (PISPs), which offer consumers an easy means of making direct fund transfers for online transactions, are upending the traditional banking landscape. 

The bank of tomorrow is the one that not only sees these changes on the horizon, but also adapts to this new environment. Otherwise, customers are more than willing to move on with a financial partner that can provide the services they seek. 

According to a recent Gemalto poll, 38% of those surveyed would leave their bank if another provider was offering better services or better rates.



It's a call to action.

Ope​n banking is here

The revised Payment Service Directive (PSD2) fosters the development of innovative services based on open data in the banking payment landscape. In particular, it aims to encourage the creation of alternative internet payment methods across all common types of devices (e.g. computers, tables, and mobile phones) by allowing third-party providers equal access to customer account information and transactional approval. 

There's more.

PSD2 specifies that consumers have the right to use any third-party provider for their online banking services. As a result, banks are mandated to provide open Application Programming Interfaces or APIs to allow software at one company to access payment account information and payment initiation from another.

PWC forecasts that 71% of Small and medium-sized enterprises and 64% of adults will adopt open banking by 2022. This is revealing a solid adoption of open banking technology across the financial services sector.

In other words, the move to open banking means removing barriers between competitors as it requires banks to allow their account details and transactions to be shared with third parties through APIs.

Open banking is playing a significant role in the rise of the digital economy as it makes payments easier and more transparent.

psd2 open banking

More on psd2 sca

More on psd2 risk assessment


  • How Gemalto hardware devices solutions help comply with PSD2

    Read our white paper to understand the latest implications of PSD2 for the banking and payment landscape in europe.

    Download the whitepaper

More data​ means more opportunities​​

​Ignoring the future is simply not an option. 

Progressive banks are those who embrace innovation and enact measures to open up their data for enhanced banking services. By working more closely with third-party actors, financial institutions can better prepare themselves for the market changes and proactively identify areas of research and development. 

Gemalto's identity and access management (IAM) solutions allow organizations to meet the evolving needs around cloud applications and mobile devices by enabling secure access to online resources and protecting the digital interactions of employees, partners, and customers with market-leading strong authentication and digital signing products. 

More information on our solutions around entreprise cyber security


Most commonly used PSD2 acronyms


Account Servicing Payment Service Provider, the traditional type of Payment Institution, as banks, with which a PSU

(payment service user) holds one or more accounts and from or to which the PSU issues payments. Every ASPSP must register under PSD2 as a Payment Institution.


An Account Information Service Provider acts as an aggregator of data relating to a PSU’s accounts held across one or many different ASPSPs. AISPs must register under PSD2 as a Payment Institution. AISPs belong to the TPP category of PSPs.


Payment Initiation Service Providers are granted permission by a payment service user (PSU) to initiate payments on behalf of that PSU. They do this by establishing a software ‘bridge’ between the website of the merchant and the online banking platform of a payer’s bank in order to initiate payment. The PISP would typically be made available as a payment option on a merchant’s website. PISPs belong to the TPP category of PSPs.


Payment Service Provider, a general term for providers that offer online services for accepting electronic payments by a variety of methods including credit/debit cards and real-time transfer. Traditional PSPs such as banks and financial institutions have now been joined by an increasingly large and diverse set of third-party service providers (TPPs).


A Payment Service User is essentially a customer—either an individual or a corporate entity—that has one or more bank accounts.


Regulatory Technical Standards. The European Banking Authority (EBA) has been tasked with specifying ”Regulatory Technical Standards” (RTS) for authentication (Article 98) that define how to implement the security obligations imposed on PSPs. RTS especially focuses on SCA, exemptions to SCA, and open communications between ASPSPs, PISPs, and AISPs.


Strong Customer Authentication is a procedure based on the use of two or more of the following elements: Knowledge( Something only the user knows, e.g. password, code, personal identification number); Ownership / Possession (Something only the user possesses, e.g. token, smart card, mobile handset); Inherence (Something the user is, e.g. biometric characteristic, such as a fingerprint). 


Third Party Provider, a category of PSPs covering PISPs and AISPs.