Payment Services Directive 2 (PSD2) and Open Banking Information

Payment Services Directive 2 (PSD2)

For more information on PSD2, its background scope and what's changing for our EFS-CPS Corporate Customers, please review the European Commission Fact Sheet and continue to watch this space for additional information.

For more information on the rights of consumers under this Directive and related EU law, see the EU Commission Leaflet – Your Rights When Making Payments in Europe.

Strong Customer Authentication (SCA)

What is SCA? Strong Customer Authentication (SCA) ensures that card issuers must confirm the cardholder as being the genuine owner of the payment card before they approve the ecommerce online transaction. To prove that they are the genuine owner of the card, cardholders must provide at least two out of three possible authentication factors to their card issuer when requested.

Authentication Factors:

These can include any combination of two of the following:


This refers to something only the cardholder and their card issuer knows. A passcode or memorable secret word can be used to satisfy this requirement.


This is something the cardholder has which is recognised by their card issuer. A mobile phone can be used to satisfy this requirement.


This is something unique to the cardholder and verifiable by their card issuer. A fingerprint, facial and voice recognition, or an iris scan are examples of authentication factors.

When was SCA required to be implemented?

The European Banking Authority recognised the complexity and challenges of implementing this directive within the payments environment and extended its original deadline of 14 September 2019. The deadline for Online eCommerce compliance was extended 31 December 2020 in Europe. The additional time was needed to ensure that all stakeholders in the ecosystem; banks, acquirers, gateway providers and merchants were able to equip themselves with the relevant tools to fully implement PSD2.

Open Banking Information

AISP Dedicated Interface Testing

Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication.

PSD2 Common and Secure Open Banking: if you are a Third-Party Provider known as an “AISP”, please use the link below in order to test Elavon’s dedicated interface. Elavon has partnered with Token.IO Limited (UK) to provide and support open banking/dedicated access.

AISP Webpage Interface

Access Interfaces - Key Performance Indicator Reports

Access Interfaces - Key Performance Indicator Reports