Insight

Last month, we explained which aspects of the PSD2 regulation are relevant to card issuers and what challenges as well as opportunities this law opens to companies that issue cards.

Today, let’s put this information into practical terms. What specific issues do card issuers need to take care of to become PSD2 compliant? The key points include:

  • PSD2 APIs 
  • Open banking API for Third-Party Providers (TPPs)  
  • Access to accounts APIs 
  • Integration API into the Card Management System  
  • Related API documentation 
  • TPP authentication, authorization, and validity monitoring from national competent authorities’ databases  
  • Payment Service User (PSU) consent management and authentication 
  • Integration to Strong Customer Authentication (SCA)
  • Audit trail management 
  • Developer portal for self-sign up to sandbox and live environments 

The API suite forms the core of a card issuer’s compliance solution, providing the necessary information in real time to meet the PSD2 requirements. APIs enable integration into one smooth user experience for TPPs.   

PSD2 opens new opportunities for card issuers

Beyond compliance, PSD2 can help card issuers to boost their digital transformation. If you combine your compliance implementation with a forward-thinking strategy, this new regulation can be a gateway to developing a more secure and all-around better user experience, plus developing value-added services for your customers by opening a premium API. For instance, large retailer issuers can open account information APIs that provide enriched spending information for their SME customers. Moreover, resellers and distributors can use in-depth reporting services and instant access to enriched data to better understand customers’ buying behavior. When combined with other data sources, e.g., product information, card account data can be used for providing insight services related to consumption patterns or sustainability.   

Partnering with a compliance service provider to supply state-of-the-art tools that assist you in meeting PSD2 regulations helps card issuers future-proof their business.

Successful PSD2 compliance solution case study: Rocker

Rocker is a Swedish bank challenger that started out with lending services and from there is building a complete digital banking product to challenge the existing players and incumbent banks and provide better banking services to consumers. Currently operating in Sweden, Rocker’s vision is to become the number one neobank in Europe, so they are constantly developing their services further.   

As part of improving their offer, Rocker has partnered up with Enfuce to provide prepaid consumer payment cards with a seamless customer experience, full compliance, and the highest security standards.   

Similar to other card accounts providers, Rocker needs to comply with the PSD2 regulation. Enfuce delivered a lean PSD2 API compliance solution in two weeks. Rocker received a cost-effective solution with a fully compliant developer portal detailing Enfuce API management. 

As a result of our collaboration so far, Rocker was able to meet PSD2 compliance requirements in under a month, and we are now continuing our joint efforts – the next step is integrating Strong Customer Authentication (SCA) with Swedish bank ID to further fortify Rocker’s consumer card accounts. 

Would you like to deepen your knowledge of PSD2 regulations and learn how it might affect your card issuing business? Download the full whitepaper, featuring 7 tangible steps for your company to take in order to become PSD2 API compliant: