PSD2 and open banking

PSD2 - revised Payment Services Directive

PSD2 stands for Payment Service Directive 2, the revised Payment Services Directive. The regulatory framework aims to develop the market for electronic payments and create better conditions for safe and efficient payments.

  • It opens up the payment service market for more players.
  • It leads to increased competition and more options for both private and business customers.

More choices for you as the customer

Through PSD2, new players are introduced to the payment market, both payment initiation service providers, and account information service providers.

Swedbank and other banks in accordance with the Payment Services Act, have the obligation to provide payment initiation service providers’ access to the customer´s payment accounts (accessible online), if the customer has given its consent. An overview of the customer’s rights to make payments (including card payments) in Europe is provided in the European Commission’s information leaflet.

What is a payment initiation service?

Swedbank's private and business customers who have a SEB bank account in Estonia, Latvia or Lithuania can add their other bank’s bank account in Swedbank's Internet bank and initiate payments from them.

Important! Even if the payment is initiated in Swedbank's Internet banking environment, the payment will be made in the bank in whose account it was initiated.

Before making a payment, make sure that you have added your other bank account to Swedbank's Internet bank and / or check whether the access to use other bank accounts in Swedbank's Internet bank is still valid.

Here you may find more information about the payment initiation service.

What is an account information service?

Swedbank is providing an account information service. Private and corporate customers who also have accounts in SEB bank in Lithuania and Estonia and Swedbank banks in other Baltic countries are able to see the balances of these accounts in their Swedbank Internet Bank environment. Customers can also manage their consents, given to view this information, in Swedbank Internet Bank.

Can any company act as a third party provider?

Companies wishing to become third party providers, must apply for, and obtain, a permit or be registered by the Financial Supervisory Authority. Customers should always be careful when granting information and check the terms of the agreement with the third party provider.

How can the customer give permission to an account information service provider?

All access to account information requires the customer's consent. When the customer leaves the consent to the account information service provider the request will be sent to Swedbank to authorize the asset. In connection with this, the customer will also see what information will be provided and for how long. The customer verifies the approval by Smart-ID, mobile-ID, ID-card or PIN-calculator. Customers can see their given consents under Menu item “Everyday banking”.

How do I understand to what extent third party provider can use my data?

You can choose if you want to see only the balance of your account(s) or also an account statement. In the latter case, all information reflected in the account statement over the last two years will be sent to the service provider. The payment service provider does not have the right to use the data for the purpose for which the person has not given his consent.

Can the banks decline third party providers’ access?

A company that is licensed by The Financial Supervisory Authority has, with the customers consent, legal right to the customer’s payment account information. We as a bank do not have an agreement directly with the third party providers and cannot deny access more than in certain specific cases.

How will the customer information be protected?

The bank only transfers data to a third party provider after the customer has given its approval. Legislation prohibits third party providers’ from using the data for purposes other than the one for which the customer’s approval has been granted, unless the customer has specifically approved that the data may be used for other purposes.

Who is responsible for incorrect or unauthorized transactions if the customer has paid through a payment initiation service provider?

If a payment initiation service provider has acted incorrectly and by that caused a loss to the customer, it is the provider of the payment initiation service who is responsible. However, the customer must first report the transaction to the bank that provides the account from which the payment has been made.