• Skip to primary navigation
  • Skip to main content
Cardspot

Cardspot

  • Home
  • About Us
  • Services
    • Brand Certification
    • Brand Consultancy
    • Observing Mandates
    • Issuer Consultancy
    • Acquirer Consultancy
    • Key Management
  • Blog
  • Contact Us
  • English
    • Hungarian

Who’s who in PSD2?

Gábor Gazsó · 2018.07.02.

In the brave new world in European Union, third-party providers will have the chance to get access to data on bank accounts and initiate transactions on those accounts if the account holder gives them consent to do so. The directive which specifies the rules of this brave new world is called PSD2, or less friendly name is EU directive 2015/2366.

There are tons of articles and presentations referring to the players of PSD2 as 3-5 letter acronyms, as can be seen in the picture above. In this article, I explain the roles of those players for all who do not actively work in the PSD2 domain.

TPP, Third Party Providers, may have three kinds of roles. 

Third-Party Providers

Transaction initiator

PISP, Payment Service Provider, is a party that has the right to initiate a transaction on behalf of you. You can imagine this kind of company as if you wrote a paper instruction to transfer some money from your account to someone else and asked your mom to hand in this paper to your bank. PISP will be much faster, but it won’t cook you cake after this action.

Data Aggregator

AISP, Account Information Service Provider, is a party, which has the right to collect data from your bank accounts and display aggregated information to you. The same as if you asked your dad to read through your bank statements and verify if all your dues have been paid right in time. Although the AISP won’t play with your children, it will collect your data faster and more efficiently than your dad did.

Issuer

PIISP, the Payment Instrument Issuing Service Provider, is a party that issues something you can pay with. This something is a credit card, a mobile application, a payment watch, a payment googles, a payment chip under your skin or anything in your wildest dreams.

The interface

API, Application Programming Interface, will be the gateway, where providers will securely communicate with your bank. Think of it as a real gate where your mom and dad had to knock and where she and he entered after they have presented your consent. It’s the bank (ASPSP, see later) who operates this gate. The bank opens this gate as soon as it has verified the one who knocked on the door and after it checked the validity of your consent.

Local Authority

NPR, National Public Register, is the local central database in every single country in the EU. In your mind, this database may appear as a list of TPPs together with their ID and their roles. When a TPP wants to get the license to work as a TPP, it must go to NPR and ask for this license. Obviously, the NPR has the right to withdraw that license at any time.

Central Authority

EBA, European Banking Authority, is the central database that collects the information from all NPR, aggregates them and makes this aggregate information available back to NPR of all member countries. If an NPR gives a license to a TPP, the NPR will inform EBA about this fact. Next time any other NPR wants to know if that certain TPP has a license, the other NPR will ask EBA, and EBA replies accordingly. Like a gossip central. An NPR tells something about a TPP to EBA (“Have you heard that this TPP has a new licence?”; “It’s a shame, the licence of this TPP is revoked”). EBA stores this information and distributes it to any other NPR when the other NPR asks EBA about the news of TPPs.

Payment Service Provider

ASPSP, Account Servicing Payment Service Provider, is in the middle in the picture above. It seems to be the central player in this game but it’s only a slave. ASPSP is practically the bank. The party that maintains accounts, that handles the money.

You

PSU, the Payment Service User, is in the origo. It is practically You. The customer, who has an account at the ASPSP and wants better service they have had till now.

I’m looking forward to seeing how fast this brave new world will evolve and how fast the players of this article will adapt themselves to the challenges.

About Gábor Gazsó

The author has more than 20 years of experience with bank card systems and smart card technology by working for issuers, acquirers and service providers.

Let us help you and get in touch with us. Contact Us

Copyright © 2023 · Cardspot Kft.

We collect cookies. Why? Accept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT