April 23, 2024
0 min read

PSD2 vs. PSD3: The Evolution of Payment Services Regulation

PSD3 in open banking Blocshop.png

The financial sector is constantly evolving, driven by technological advancements and regulatory changes. The proposed Payment Services Directive 3 (PSD3) demonstrates this dynamic environment, building on its predecessor, PSD2, to address emerging challenges and opportunities within the financial landscape in Europe. This article explores the nuances of PSD3, contrasts it with PSD2, and underscores how banks and fintech businesses can ensure regulatory compliance in the EU market. 

Understanding PSD3: An extension of PSD2 

PSD3 is not yet fully formalized in law; however, it represents the European Union’s ongoing commitment to creating a more integrated, efficient, and secure financial market. On February 14th, 2024, the European Parliament announced that ECON (its Economic and Monetary Affairs Committee) had adopted draft reports on the European Commission's legislative proposals for a Directive on payment services and electronic money services (PSD3) and a Regulation on payment services in the EU (PSR). Simply put, the EU committee has just endorsed and fast-tracked these major payment reform plans.

To fully appreciate the implications of PSD3, one must first consider the foundation laid by PSD2. Implemented in January 2018, PSD2 aimed to enhance online payment security, foster innovation, and increase competition in the EU financial sector. It introduced key concepts such as Strong Customer Authentication (SCA) and opened banking APIs, which mandated that banks provide third-party providers (TPPs) access to their customers' accounts (with customer consent) to enable more varied financial services. 

Where PSD2 opened the door, PSD3 seeks to expand the threshold. The focus shifts toward closing regulatory gaps exposed by PSD2, particularly in areas like security, data management, and cross-border payments. Additionally, PSD3 is expected to tackle issues arising from the increased use and sophistication of artificial intelligence and machine learning in financial services, ensuring that these technologies are employed transparently and ethically. 


Key differences between PSD2 and PSD3 

While PSD2 broke new ground in regulating payment services, PSD3 is anticipated to refine these regulations with several enhancements: 

1.) Enhanced Consumer Protection 

PSD3 may introduce more stringent measures to protect consumers from fraud, unauthorized transactions, and privacy breaches. 

For example, PSD2 mandated Strong Customer Authentication (SCA) which required a two-factor authentication process for online transactions to increase security. PSD3 could go further by implementing advanced monitoring technologies that use machine learning to detect and prevent fraudulent activities in real-time. This could reduce the incidence of sophisticated cybercrimes such as identity theft and unauthorized account access, offering consumers greater peace of mind. 

2.) Regulation of New Entities 

As financial ecosystems evolve, new types of financial entities and technologies that were not previously covered under PSD2 may come under scrutiny in PSD3. 

For instance, PSD2 primarily focused on payment service providers and banks, but PSD3 could extend regulations to cover fintech companies offering cryptocurrency services, digital wallets, and peer-to-peer platforms which have become more prominent. This inclusion ensures that all entities handling consumer financial data adhere to strict regulatory standards, maintaining a secure and stable financial environment. 

3.) Standardization of APIs 

While PSD2 encouraged the development of open banking, it led to a fragmented market with varying standards of APIs across banks. PSD3 might push for more standardized APIs to facilitate smoother, more secure interoperability across services and borders. 

An example of this could be implementing a unified API framework that all EU banks and financial institutions must adopt, similar to the UK’s Open Banking standards developed by the Competition and Markets Authority. This would enable developers to create applications that can work seamlessly with any bank in the EU without needing to customize integrations for each bank’s unique API, thus fostering innovation and enhancing user experience across the board. 

PSD2 vs PSD comparison Open - Banking API Development by Blocshop.png

A detailed comparison of the PSD2 and the proposed PSD3




Scope and Objective 

Introduced open banking, allowing third-party providers to access financial services. Aimed at enhancing competition and security in the payments industry. 

Expands the scope of PSD2, focusing on consumer protection, transparency, and competition. Specifically addresses the issues raised by the implementation of PSD2. 


Introduced Strong Customer Authentication (SCA) with two of three possible factors: knowledge, possession, or inherence. 

Allows more flexibility in authentication methods and includes new provisions to strengthen consumer security and reduce fraud. 

Consumer Rights 

Aimed to improve user protection in electronic payments and increase transparency. 

Introduces stricter measures for consumer protection, specifically enhancing rights related to fraud and the transparency of transaction processing. 

Transparency and Liability 

Mandated transparency in payment services but lacked specific measures for reporting API performance. 

Requires periodic reporting on API performance and more detailed transaction information to consumers. Increases liability for incorrect transaction executions and unauthorized payments. 

Fraud Prevention 

General provisions for fraud prevention. 

Includes specific measures to enhance transaction monitoring, strengthen SCA, and improve cross-institutional collaboration to combat fraud. 


Did not specifically address the needs of vulnerable customers. 

Introduces requirements for inclusive accessibility in authentication processes to support vulnerable groups. 

Regulatory Oversight 

Established a regulatory framework under national competent authorities. 

Empowers national authorities with more robust enforcement capabilities and clarifies rules for better compliance and monitoring. 

Impact on Businesses 

Required businesses to adapt to open banking frameworks and integrate with third-party providers. 

Mandates businesses to comply with stricter security standards and provide more comprehensive consumer data protection. 

Implementation Timeline 

Fully implemented as of 2018. 

Expected to be legislated and come into effect around 2026, with a transitional period for institutions to comply with the new requirements. 


How to transition from PSD2 to PSD3 

Transitioning from PSD2 to PSD3 involves several strategic steps for financial institutions and fintech companies across the EU. Here's a structured approach to managing this regulatory shift: 

1.) Conduct System Audits: Review existing systems to evaluate current compliance with PSD2 and identify areas that require upgrades or adjustments in anticipation of PSD3. Focus on data security, customer authentication processes, and API functionality. 

2.) Update Policies and Technical Solutions: Modify internal policies and develop technical solutions to meet the expanded requirements of PSD3. This could include implementing advanced fraud detection systems that use artificial intelligence and machine learning to enhance consumer protection. 

3.) Engage with Regulatory Bodies: Stay informed about PSD3 developments by engaging with regulatory authorities. Participating in industry consultations can provide insights into the regulatory landscape and influence understanding of upcoming changes. 

4.) Initiate Staff Training Programs: Prepare comprehensive staff training to ensure they understand the implications of PSD3 and how it differs from PSD2. Update operational procedures based on the new requirements. 

5.) Foster Technological Partnerships: Collaborate with technology providers who have expertise in regulatory transitions. This is crucial for upgrading systems, such as standardizing APIs, to ensure they meet new standards for compatibility and interoperability. 

6.) Leverage the New Framework: Use the transition as an opportunity to enhance service offerings, capitalizing on the improvements in security and functionality that PSD3 aims to introduce. 

By following these steps, institutions can effectively navigate the transition from PSD2 to PSD3, ensuring compliance and taking advantage of the opportunities it presents to improve their services in the digital finance market. 


Could PSD3 and API standardization influence the global fintech market? 

The standardization of APIs under PSD3 could have several global implications for the fintech market beyond the EU: 

1.) Facilitation of Cross-Border Services: Standardized APIs can make it easier for companies to offer their services across borders, helping them to expand into new markets with less friction and lower costs of integration. 

2.) Enhanced Interoperability: With standardized APIs, fintech companies around the world could more easily integrate with European banks and payment services, fostering greater global interoperability in the financial sector. 

3.) Boost in Innovation: The clear and consistent API standards could lower barriers to entry for new fintech startups, spurring innovation. As more services become compatible with each other, it opens up new possibilities for developing unique solutions that can operate on a global scale. 

4.) Increased Competition: Standardization might also increase competition globally as non-EU companies could enter the EU market more easily, and EU companies could expand their operations worldwide with fewer technological barriers. 

5.) Improved Consumer Experience: For consumers, standardized APIs mean more choices, better services, and smoother experiences as companies focus on improving offerings rather than dealing with compatibility and regulatory compliance issues. 


Engaging expertise transitioning to PSD3 

The transition from PSD2 to PSD3 also highlights a critical need: the expertise of software developers proficient in navigating the regulatory landscape. Here’s why hiring knowledgeable developers is essential for banks and fintech companies: 

1.) Compliance with complex regulations: The complexity of PSD3 requires developers who not only understand the technical requirements but also grasp the regulatory implications. 

2.) Implementation of secure APIs: As PSD3 may emphasize standardizing APIs, developers will need to design APIs that meet these standards while ensuring robust security to protect sensitive financial data. 

3.) Integration of AI and advanced technologies: With the potential increased use of AI and ML under PSD3, developers must be adept at integrating these technologies in a way that complies with ethical standards and regulatory requirements. 

With regulatory changes like PSD3, the demand for skilled software developers will only grow. Banks and fintech businesses should invest in this expertise sooner rather than later to stay ahead in a dynamic market. By understanding the changes introduced by PSD3, firms can better prepare to meet these new challenges, ensuring both compliance and innovation. 

Blocshop will provide you with a competitive edge when it comes to PSD3 

Reach out to Blocshop to explore how our fintech and open banking-focused software development services can enhance your preparations for PSD3 and ensure that you are fully equipped to meet the future with confidence and compliance. 



Learn more from our insights

June 20, 2024

Generative AI used for data conversions and reformatting

How to use generative AI for data conversion, addressing integrity, hallucinations, privacy, and compliance issues with effective validation and monitoring strategies.

DALL·E 2024-05-30 09.37.01 - An illustration suitable for an article about ISO 20022. The scene should feature a modern, sleek representation of the ISO 20022 logo in the center. .webp
May 28, 2024

ISO 20022 Explained: A Comprehensive Guide for Financial Institution Managers

What is ISO 20022? How does it affect companies and institutions in the fintech and banking industry and how to prepare for its adoption? All explained in this article.

DALL·E 2024-05-22 20.55.08 - A detailed and high-quality DSLR photo of a person using a laptop to shop online, showing personalized product recommendations on the screen. The back.webp
May 16, 2024

Key AI Trends in E-commerce and Overview of AI integrations for E-commerce Platforms in 2024

Transform your e-commerce platform with AI tools for personalization, analytics, chatbots, search, and fraud detection. Boost sales and improve customer experiences.

eIDAS mark.png
May 09, 2024

Digital Identity and Payment Services in the EU in 2024: Key Updates

eIDAS 2.0 and PSD3 are set to enhance how digital identities and payment services are managed across the European Union in 2024. Here’s an overview of how each framework contributes to the digital landscape of the EU, what to expect, and how to prepare.

eIDAS 2 in fintech and open banking EU market.png
May 06, 2024

What is eIDAS 2.0 and EU Digital Identity Wallet and how will it change the EU digital market

Learn how eIDAS 2.0 and the EU Digital Identity Wallet will transform digital transactions and identity management across the European Union.

best large language models for ERP systems.png
March 31, 2024

Language Models Best Suited for Integration into ERPs

Four prominent large language models stand out for their compatibility and effectiveness in ERP system processes and automation. See what they are.

PSD3 in open banking Blocshop.png
April 23, 2024

PSD2 vs. PSD3: The Evolution of Payment Services Regulation

What is PSD3 in open banking? See how PSD3 compares to PSD2 and what should banks and fintech businesses do to ensure regulatory compliance in the EU market.

April 14, 2024

Enhancing ERP Systems with AI Chatbots

Explore how AI chatbots can transform ERP systems, enhancing efficiency, decision-making, and user interaction.

eIDAS in fintech and open banking EU market.png
April 29, 2024

eIDAS: The regulation helping secure Europe's digital future

See how eIDAS enhances EU digital transactions with secure identity verification, supporting e-commerce and public services across Europe.

hybrid ERPs.png
March 21, 2024

Hybrid ERP: An Innovative Approach to Enterprise Resource Planning

Hybrid ERP is a blend of cloud and on-premise solutions. With expertise in both, Blocshop is uniquely positioned to help you with hybrid ERP development and implementation.

0-4 cover.png
October 03, 2023

IT Staffing: Individual Hiring vs. Specialized Developer Teams

Should you hire individual developers or go for a specialized, custom-built developer team?

July 17, 2023

ChatGPT-3.5: An Overview and Limitations

In this article, we'll take a closer look at the capabilities and limitations of ChatGPT-3.5, providing you with a comprehensive overview of what it can do and what its boundaries are. So, let's delve into the inner workings of this large language model.

gpt4 vs gpt3-5 and the key differnces.png
June 15, 2023

A Deep Dive into GPT-4 vs GPT-3.5 Differences and Ability to Revolutionize Software Development

There are key differences between ChatGPT-3.5 and ChatGPT-4 that software developers and companies procuring software solutions alike should be aware of. Let's see how these differences affect the output generated by these models on specific examples.

May 09, 2023

AI-powered software development: What CTOs need to know in 2023

As technology continues to evolve at a rapid pace in 2023 and beyond, CTOs must stay ahead of the curve by utilizing predictive analytics, automated testing processes, and deployment solutions.

May 05, 2023

How Artificial Intelligence is changing web development

AI technology is now being used in many different industries, including web development. It’s important to understand the impact that AI can have on web development as it can help companies to create more efficient and user-friendly websites.

May 05, 2023

How AI-powered software development is changing the role of the CTO

As AI-powered software development becomes increasingly commonplace, CTOs must prepare themselves to take on a new set of responsibilities that require more than just technical know-how.

April 17, 2023

How to build a minimum viable product (MVP)

The MVP is the version of a new product that allows Blocshop and your team to collect the maximum amount of validated learning about customers with the least amount of effort. The essence of your core idea is delivered as a barebones solution. The solutions is, however, sufficient for usage by early adopters. As a product, it has tangible qulities that express a look and feel.

March 21, 2023

10 AI tools for developers you should know about in 2023

For developers, programmers, and data scientists, AI coding solutions can free up thinking time, allowing such professionals to focus on the fundamentals of their projects, and complete such projects much faster.

February 14, 2023

17 Ideas for Web Apps in 2023

Gazillions of web apps and ideas for web apps are floating around the metaverse - so creating one that properly represents a unique brand is a huge challenge. Our list provides a number of areas of simple app ideas to help businesses transform their online presence through a web app.

Top 15 micro-SaaS ideas for your startup in 2023.png
December 06, 2021

Top 15 micro-SaaS ideas for your startup in 2022

What exactly do we mean by micro SaaS? Micro Saas solutions use a web browser or mobile app interface. Micro SaaS solutions usually come about through the effort of an individual or very small team. It aims to solve precise problems. Micro SaaS projects have small budgets and overhead. Customers use Micro SaaS solutions on a monthly or yearly subscription basis. Micro SaaS projects target a small niche of the consumer market.