The Revised Directive on Payment Services (PSD2) and Its Impact on Security

Published: 07.11.2019

Updated: 07.11.2019

Author: Erik Vasaasen

The Revised Directive on Payment Services (PSD2) has a wide range of objectives, which impact nearly all financial institutions and a vast array of merchants. As long as you are located in Europe, or do transactions with customers located in Europe, the PSD2 will have some kind of impact.

Directive Goals

The Directive of the European Parliament and of the Council is shrouded in bureaucratic language, but made simple, the goals are:

  • to contribute to a more integrated and efficient European payments market
  • to further level the playing field for payment service providers by including new players
  • to make payments safer and more secure
  • and to enhance protection for European consumers and businesses

The impact for non-European companies comes from the one-leg principle, which makes the directive binding also for non-European companies.

The directive itself is not particularly interesting from a practical security point of view, but the official interpretation as described in the Regulatory Technical Standards on strong customer authentication and secure communication under PSD2 (RTS) should be read by all security professionals who are connected to the payment industry.

PSD2 and Okay

We at Okay make software that helps you deal with the technical challenges inherent in the requirements that spring from the PSD2 and the accompanying RTS. To help you understand how we help mitigate the challenges created by the PSD2, we plan to publish a series of blog posts examining articles that are relevant to the technical aspects of the PSD2, article by article. 

For each article we will try to describe some common types of practical attacks that are relevant for the challenge, then describe how this can impact business before we describe how we at Okay can help you mitigate the problem. 

Update

Want to jump straight to that series of blog posts examining articles that are relevant to the technical aspects of the PSD2?

Here in part one of three, we start by covering the fundamental requirements Payment Service Providers should be aware of if issuing cards or e-money payments and why said requirements are necessary.

Here in part two of three, we cover the April 30th deadline.

And here in part three of three, we wrap up with how the Okay solution can help you meet SCA PSD2 RTS compliance standards.
