PSD2 Directive: Are you ready to manage public API interfaces?


There is little time left until the deadline for full implementation of the EU directive aimed at driving a huge leap in the European digital economy. The PSD2 Directive is expected to have a tremendous impact on the future of financial institutions by opening the payments market not only to existing IT giants like Apple, Google and Facebook, but also to new FinTech startup companies.


This is the second Payment Services Directive – coming into force on 13 January 2018 – updating and amending the initial 2007 version of the PSD Directive, which created the legal basis for a single payments market in the European Union. The main objectives of this Directive are the integration and optimization of the European payments market, driving innovation and competitiveness, and facilitating electronic payment security. However, the most talked-about change, which has been at the top of the agenda at bank meetings across Europe in the preceding months, is the obligation of banks to open their APIs to authorized payment services providers (so-called Third-Party Providers – TPPs) and give them access to customers’ accounts. This means that most financial institutions will have to acquire API management gateway systems for managing API interfaces and calls, with emphasis on the high security levels that such systems have to provide.



Requirements imposed by the new PSD2 Directive can be summarized in 3 basic points:

  • Provide secure access to Third Party Providers (TPPs) which need to collect customers’ account data for payment purposes
  • Authorize a specific business entity as a third party for the provision of payment services, as chosen by the end customer, which may include FinTech and retail companies, telecommunication services providers and other providers of transaction services (e.g. PayPal)
  • Third Party Providers (TPPs) have to directly access two aspects of any bank account:
    • Account data and transaction data
    • Authorization of payments directly from the account




Why Red Hat 3scale? Because the 3scale API Management platform solves all of the above-mentioned challenges faced by not only financial institutions but also third-party payment services providers. Red Hat® 3scale API Management makes it easy to share, secure, distribute, control, and monetize your APIs, offers highest-level security, and can be placed on any infrastructure – on-premise, in the cloud, or on any combination of the two (hybrid-cloud). The following requirements are stipulated under the PSD2 Directive and successfully handled by the 3scale API Management platform:

PSD2 REQUIREMENTS -> 3SCALE FEATURES

  • Powerful authentication methods for protecting electronic payment transaction channels -> Various OAuth authentication scenarios for different applications
  • XS2A requires end user authentication, 2-factor authentication (2FA), and user consent -> Support for OpenID authentication
  • PSD2 allows third parties to monetize different scenarios and interactions -> Built-in billing module, ready for integration with different systems
  • Payment services provider is obligated to establish a risk management system and regularly report risk assessments to the regulator -> 3scale ensures security reports on demand and without delay
  • Provide simple API Explorers so both developers and other business teams can interact with APIs in test and production scenarios -> Interactive documentation included in the world’s largest development environment and documentation generation system – Swagger (Open API)






Want to learn more? Contact us!