The new Payment Services Directive 2 (PSD2) is a piece of payment legislation that went effective in Europe on 14 September 2019. The European Banking Authority (EBA) granted exemptions and set the new deadline to 31 December 2020. EBA instructed financial institutions and PSPs (Payment Service Providers) to improve instruments, processes, and awareness to guarantee a more reliable level of security regarding their payment services provided to customers.


The PSD2 introduces security requirements for digital payments and the protection of consumers’ financial data.  It also regulates Third-Party Providers (TPPs) that manage payment services.

To protect the consumer, PSD2 requires banks to implement multi-factor authentication for all proximity and remote transactions performed on any channel. This obligation means using two of these three features:

  • Knowledge: something only the user knows, e.g. password, code, personal identification number
  • Possession: something, only the user, possesses, e.g. token, smart card, mobile handset
  • Inherence: something, the user, is, e.g. biometric characteristics, such as a fingerprint.

Besides, the elements selected must be mutually independent, which means that the breach of one should not compromise any of the others.


The main challenge in applying compliance requirements is to highly secure customer authentication while making easy the whole process.


The XTN Cognitive Security Platform® offers complete PSD2 compliance.