The revised EU Payment Services Directive (PSD2) came into force on 1 January 2018. The aim of the directive is to increase competition, enable faster payment processing in the European banking market and, most importantly, improve payment security. On 14 September 2019, the legislation was supplemented when a new regulatory technical standard on strong customer authentication and secure communication (RTS) took effect.

The RTS results in technical changes in the payments area and in our digital channels strengthening security in relation to payments and the protection of your data. The changes were implemented in our systems automatically. 

On this site, you can read about some of the key changes:

Digital platforms
Since 14 September 2020, the users of our online banking platform, District, have seen minor changes: 

  • The logon flow has changed so that it is no longer possible to see which part of the authentication has failed during logon
  • When making payments, users may need to provide extra authentication to approve the payments
  • The time period for automatic logoff due to inactivity was shortened.

Online and in-store shopping

Corporate card holders now experience extra authentication steps in the purchase process more often, both when shopping online or at physical stores:

  • When making online purchases on websites in the EU, the card holder more often is required to use a one-time password, which is pushed in a text message as a part of the purchase flow.
  • The card holder more frequently have to use the 4-digit PIN when using the payment card in physical stores in the EU.


Third-party providers and Open Banking

Since 14 September 2019, users have been allowed to use third-party providers in relation to accounts and payments services where an account is accessible online. Third-party providers (TPPs) are independent service providers. 
A TPP will be able to do a number of things for you: aggregate your account information, provide services to allow you to make various transfers from your account, or issue instruments for making card-based payments from your account. 

If you are interested, we will assist a TPP in providing services to you. However, it makes sense for us to apply certain parameters to the way in which TPPs operate and to set out what we will need to receive from you and from the TPP to allow the services to be provided. 

You can read more about Third-party providers and Open Banking here.


Terms and conditions

As a result of the changes in relation to the new regulatory technical standard for PSD2, some of our terms and conditions have been updated. You can find your terms and conditions on the following pages:

London Branch



Poland >

If you have any questions, you are of course also welcome to contact your relationship manager.


Q&A about PSD2

What is Strong Customer Authentication?
The requirements for stronger security is also known as Strong Customer Authentication (SCA). SCA is based on two or more of the following three factors:

  1. Something you know (eg. password, passphrase, pin, sequence, secret fact)
  2. Something you own (eg. mobile phone, wearable device, smart card, token, badge)
  3. Something you are (eg. fingerprint, facial features, voice patterns, iris format, DNA signature)

Will there be more changes in the future?
We always strive to give our customers the best experience when using our digital channels, which means we continue to work on improving the experience when using our digital channels, while remaining compliant with the requirements from the PSD2 legislation

Want to get in touch?

Content is loading
Show more rows: All table rows are already visible for screen readers.
Show less rows: All table rows are already visible for screen readers.