What’s new with PSD2?

At WorldFirst, we are committed to evolving, both to improve our product offerings for our customers, and to also keep up to date with vital regulatory or solution updates. The next being that we are launching a PSD2 API from the 14th August for Third-Party Providers (TTPs). It will allow WorldFirst World Account customers to link and manage their currency account, edit beneficiaries (from September onwards) and make World Account payments as required.

We want our Third-Party Providers (TPPs) to have enough time to test our API. We are inviting authorised Account Information Providers* (AISPs) or Payment Initiation Service Providers (PISPs) to engage with us and test this API to ensure a smooth operational integration from the launch date of the 14th September 2019.

PSD2 defines two types of third-party providers (TPPs), regulated by National Competent Authorities*. These are outlined below:

1. Account Information Service Providers (AISPs)

These are service providers that aggregate and display the customer’s online account information. Including one or more accounts held at one or more account servicing payment service providers (AISPs).

2. Payment Initiation Service Providers (PISPs)

These are service providers that initiate payment transactions on behalf of the customer.

What this means for AISPs and PISPs

Regulated TPPs can use the sandbox environment that WorldFirst is making available from the 14th of August and integrate with the API, fully testing the functionality provided. To be eligible to test in the sandbox environment TPP’s must be authorised by the FCA as either an AISP or a PISP and meet the necessary security requirements.

Whilst we do not expect there to be any problems, it is always good to be prepared for the unexpected so we welcome all feedback as part of this testing phase and will work directly with you to address any issues.

This means that by the 14th September deadline for full implementation, TTP’s would have tested the API using our sandbox credentials and be prepared to make the integration production-ready. The next step for TTPs involves you requesting production system credentials. These can be accessed by visiting our dedicated PSD2 API web page and following the instructions.

Once you have made the integration production-ready, you will be able to provide account information requests and payment initiation from a WorldFirst World Account to your customers without leaving your interface.

PSD2’s importance

The focus of PSD2 is to closer align payment regulation with where businesses and technology are currently and have clear security requirements for electronic payments being started and processed.

Increasing customer security is key to PSD2, which includes Strong Customer Authentication (SCA). This is an authentication process that validates the identity of the user of a payment service or a payment transaction. For more information, see PSD2.

TPPs can enrich their communication security with PSD2 as it requires TPPs to use electronic Identification, Authentication and Trust Services (eIDAS) certificates for electronic signatures and electronic seals. As a result, Qualified Trust Service Providers (QTSPs) issue the eIDAS certificates, further ensuring security.

Finally, it has the mandate to protect consumers data.

Find out more from our experts

It’s simple to gain the correct sandbox credentials to perform your testing. Get your sandbox account and start testing the possibilities of WF’s PSD2 API. For technical questions or help with any of your issues please contact us at the following email address: api.integration.support@worldfirst.com and we’d be happy to support you further.


*https://www.eupati.eu/glossary/national-competent-authority/   – https://eba.europa.eu/supervisory-convergence/supervisory-disclosure/competent-authorities – https://eba.europa.eu/single-rule-book-qa/-/qna/view/publicId/2019_4609