In the beginning, there was the Payment Services Directive — PSD1.
Introduced in 2007 and in force in 2009, PSD1 laid the foundation for a unified European retail payments market. It aimed to make cross-border payments within the European Union (EU) as seamless, efficient, and secure as domestic ones. Simultaneously, it sought to boost innovation and competition in a space long dominated by traditional banks. For the first time, non-bank providers could enter the market, bringing more choice and price competitiveness to consumers.
Then in 2018 came PSD2, which built on PSD1's goals and responded to a rapidly changing payments landscape. Open Banking and Strong Customer Authentication (SCA) were its headline features. PSD2 enhanced consumer protection, improved security, and made space for new technologies and payment methods. But it also came with growing pains: implementation was inconsistent, APIs were unreliable, and customer experiences suffered.
Enter PSD3, which introduces new rules, broader scope, and stronger expectations for transparency, innovation, and security. In this blog, we’ll break it down: what’s changing, who’s affected, how it compares to PSD2, and when it comes into effect.
What is PSD3, and why should you care?
The third Payment Services Directive is the EU’s latest move to modernize financial services. It’s designed to improve consumer protection, support Open Banking, enable new payment methods like Buy Now Pay Later (BNPL), instant payments, and crypto, enhance fraud prevention, and level the playing field between banks and fintechs.
If you’re in the UK, PSD3 doesn’t apply directly. However, if you operate in or serve the EU market, it matters. PSD2 was adopted into UK law post-Brexit, and UK regulators may choose to align future UK frameworks with PSD3.
PSD2 vs PSD3: What’s new and noteworthy?
We all remember the promise of PSD2. Open Banking, third-party access, and new security requirements. But it wasn’t perfect. Banks were slow to comply, API reliability was patchy, and consumer data practices were inconsistent.
PSD3 attempts to address these issues. Key changes include:
Stronger consumer protection
Consumers will have more rights, including easier refunds for fraudulent transactions, clearer account statements, and greater transparency on fees (e.g. hidden ATM charges).
A modernized payment landscape
PSD3 covers emerging payment methods, such as BNPL, and is designed to ensure that the regulatory framework evolves with the way people actually pay.
Open Banking 2.0
PSD3 builds on the Open Banking model:
- Banks must improve API reliability and publish quarterly performance reports
- If bank APIs are non-functional, third-party providers can build their own interfaces
- Customers gain permission dashboards to manage third-party access
Increased transparency
Financial institutions will need to be clearer than ever about fees, currency conversion rates, and terms of service.
Enhanced fraud prevention
PSD3 strengthens liability rules for providers who fail to prevent fraud, improves data sharing across providers, and adds support measures for users who don’t own smartphones or need accessible services.
Safeguarding customer funds
Non-bank payment institutions will now be allowed to hold customer funds directly with central banks, a move aimed at increasing trust and stability.
Strong customer authentication (SCA): new rules, new flexibility
SCA is staying, but with adjustments. For example:
- Subscriptions only require authentication for the first payment
- Two authentication factors from the same category (e.g., two passwords) are allowed
- Mail Order/Telephone Order (MOTO) and Merchant Initiated Transactions (MIT) remain exempt
- Accessible SCA methods must be offered for the elderly or those with disabilities
PSD3 and open banking: better, faster, stronger
If PSD2 was a revolution, PSD3 is an evolution. Common pain points are directly addressed:
| PSD2 issue | PSD3 solution |
| --- | --- |
| Unreliable APIs | Mandatory performance reporting |
| Banks blocking third-party access | Interfaces must be made available |
| Lack of customer visibility | Permission dashboards required |
| Weak data standards | Enforceable improvements to data sharing |
What should you do now?
If you're still reading and haven’t yet Googled “PSD3 compliance checklist,” you could be at risk of falling behind.
Here’s a starting point:
- Review and update authentication flows
- Audit API performance and plan improvements
- Prepare for custom third-party interfaces
- Ensure accessibility compliance for SCA
- Monitor legislative developments closely
- Consult legal and regulatory experts
Above all, don’t wait until 2026. Start planning now.
PSD3 isn’t just an update - it’s an evolution
PSD3 represents a leap forward for digital finance in Europe. It puts consumers first, enforces fairness, and promotes innovation. Yes, it will demand investment. Yes, it will introduce complexity. But it also presents a chance to build better, smarter, more inclusive financial products.
And in a fast-moving market, those who prepare early won’t just comply, they’ll lead.
PSD3 may bring changes, but Marqeta is here to help. Whether you’re just diving into new regulations, looking to refine your payments strategy, or exploring opportunities in Open Banking, our team can support you.
Get in touch to explore how we can help support your business through the PSD3 transition.