PSD2 at Bank Leumi (UK)
What is PSD2?
The Second Payment Services Directive – or PSD2 for short – is new legislation laid out by the European Commission to regulate payments services throughout the European Union. It has been implemented in England and Wales through the Payment Services Regulations 2017. PSD2 came into effect on 13th January 2018 (though some of the requirements don’t take effect before 2019) and builds on the First Payment Services Directive introduced in 2009.
Its aim is to increase competition, improve transparency and consumer rights, promote innovation, and enhance overall customer protection and security.
What do I need to know?
PSD2 introduces the possibility of online banking through authorised third parties. These are commonly known as third-party providers or TPPs for short. TPPs will normally act as Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs); TPPs can only obtain access to a customer’s online payment accounts if granted express permission by the customer. The aim is to give consumers greater visibility and control over their finances.
- Account Information Service Providers (AISPs)
If you choose, you can connect all of your bank accounts and aggregate your information into one place. This means that you could see your balances and transaction history from your different accounts across different banks, all in one view.
- Payment Initiation Service Providers (PISPs)
TPPs acting as a PISP will be able to initiate payments from your bank account with your consent. If you have several accounts with different banks, you will be able to select from which account the payment is made.
Is my information safe?
You should only share your data with TPPs registered with the Financial Conduct Authority (FCA). It will be completely up to you whether you want to use any of these services once they are available.
PSD2 also sets minimum requirements for Strong Customer Authentication (SCA) to protect customers from fraud and impersonation. At least two of the authentication factors below will be required before you can carry out certain activities on your account:
- Knowledge – something only the user knows (e.g. a password)
- Possession – something only the user holds (e.g. a mobile phone)
- Inherence – something unique to the user (e.g. face recognition)
These requirements will come into force from 14th September 2019.
Will I be able to see my account information from other banks on the Leumi online banking portal?
We have no immediate plans to offer this service, however customers will be given the option to share their Leumi UK account information with other authorised TPPs (PISPs or AISPs).
Which of my Leumi UK accounts will be affected by PSD2?
It covers all personal and business online payment accounts. For further information on our online services, known as LeumiLink, please contact either your Relationship Manager or the COS - Client Services team.
Do I have to use this service?
No, it is totally optional and based on your personal preference. Remember, we will only share your information with third-parties if you allow us to do so.
Where can I find out more?
If you have any further questions please contact us via email: email@example.com or speak to your dedicated Relationship Manager.
I am a Third-Party Provider (TPP), how can I set up access to accounts at Leumi UK?
Leumi UK has partnered with Token, a leading provider of open banking technology to make our PSD2 dedicated interface available. Token is licensed by the FCA in the UK as an AISP and PISP and TokenOS aggregates thousands of banks throughout the European Union.
For the technical specification for TPPs and supporting documentation please visit https://developer.token.io/token-request/
For the technical specification of the API please visit https://developer.token.io/bank-integration/