PSD2 and open banking

PSD2 - revised Payment Services Directive

PSD2 stands for Payment Service Directive 2, the revised Payment Services Directive. The regulatory framework aims to develop the market for electronic payments and create better conditions for safe and efficient payments.

  • It opens up the payment service market for more players.
  • It leads to increased competition and more options for both private and business customers.

More choices for you as the customer

Through PSD2, new players are introduced to the payment market, both payment initiation service providers, and account information service providers.

Swedbank and other banks in accordance with the Payment Services Act, have the obligation to provide payment initiation service providers’ access to the customer´s payment accounts (accessible online), if the customer has given its consent.

What is a payment initiation service?

A payment initiation service is an online payment made by third party on behalf of the customer. This always requires a customer agreement and consent. The actual transfer is made through the banks existing payment services. Payment has to be confirmed by Smart-ID, mobile-ID, ID-card or PIN-calculator.

What is an account information service?

An account information service provider collects, with the customer´s consent, information from the customer's payment accounts in one or more banks and presents the compilation in the account information service provider´s own interface, e.g. in an app on a smartphone or in a web service.

Can any company act as a third party provider?

Companies wishing to become third party providers, must apply for, and obtain, a permit or be registered by the Financial Supervisory Authority. Customers should always be careful when granting information and check the terms of the agreement with the third party provider.

How can the customer give permission to an account information service provider?

All access to account information requires the customer's consent. When the customer leaves the consent to the account information service provider the request will be sent to Swedbank to authorize the asset. In connection with this, the customer will also see what information will be provided and for how long. The customer verifies the approval by Smart-ID, mobile-ID, ID-card or PIN-calculator. Customers can see their given consents under Menu item “Everyday banking”.

How do I understand to what extent third party provider can use my data?

You can choose if you want to see only the balance of your account(s) or also an account statement. In the latter case, all information reflected in the account statement over the last two years will be sent to the service provider. The payment service provider does not have the right to use the data for the purpose for which the person has not given his consent.

Can the banks decline third party providers’ access?

A company that is licensed by The Financial Supervisory Authority has, with the customers consent, legal right to the customer’s payment account information. We as a bank do not have an agreement directly with the third party providers and cannot deny access more than in certain specific cases.

How will the customer information be protected?

The bank only transfers data to a third party provider after the customer has given its approval. Legislation prohibits third party providers’ from using the data for purposes other than the one for which the customer’s approval has been granted, unless the customer has specifically approved that the data may be used for other purposes.

Who is responsible for incorrect or unauthorized transactions if the customer has paid through a payment initiation service provider?

If a payment initiation service provider has acted incorrectly and by that caused a loss to the customer, it is the provider of the payment initiation service who is responsible. However, the customer must first report the transaction to the bank that provides the account from which the payment has been made.