Transactions without the traditional players

In our previous blog post, we looked into PSD2, what it is and how it might affect banks’ business. This post takes a look at one of the key parts of PSD2: XS2A.

What is XS2A?

Access to Account (XS2A) might be the biggest technological innovation in retail banking since the internet. The XS2A opens up for bypassing actors in the existing e-commerce ecosystem. The Card Scheme and the Acquirer will be by-passed since XS2A allows direct communication between the Merchant and the Customer’s Bank. For in-store payments, this paves the way for solutions without the need of a Point-of-Sale. The shopping experience in-store can be similar to e-commerce transactions.

Third-Party Providers and XS2A

The inclusion of  Third-Party Providers (TPPs) might be the most significant change in PSD2, where Access to Accounts (XS2A) is introduced. Banks and other financial institution must give certain licensed third-parties Access to Account information, and can not treat payments that go through Third-party Service Providers any differently.

There are two types of TPPs, the Account Information Service Providers (AISP) and the Payment Initiation Service Provider (PISP). The AISP provides information about your accounts and balances, and the PISP initiate payments without going through the traditional payment networks.

Traditional e-commerce Transaction

Today, when shopping online, you decide what to buy, and complete your purchase using your card. The merchant will have an Acquirer, who will then contact the customer’s card scheme e.g. MasterCard or Visawho will then pull the payment, debiting the customer’s bank account.


Post PSD2 transactions

When all aspects of PSD2 are rolled out and put into motion, the traditional e-commerce transaction explained above will be disrupted. Instead of entering all your debit or credit card details, you will then be asked whether you want to give the retailer access to your bank account. By agreeing, the merchant takes you to your bank’s internet banking site where you give the required permissions.

How Facebook login and permissions flow is today

This is comparable to how you use your Facebook or Twitter information to log into your apps and websites, without ever exposing your details to the service providers.

You will not give your bank login details to the webshop, and the bank will never access your retailer login details, you simply give permissions to the webshop to execute payments on your behalf via your bank account.

Innovators have already begun

The new Payment Services Directive is being put into force now. Requiring issuers, banks, merchants and all other actors involved in the payment ecosystem, to adapt to the changes. This has already driven innovation in the space with new players disrupting the traditional existing roles in the payment ecosystem. Seqr is an example of a mobile wallet that utilizes access to the account (XS2A) in order to create a great mobile payment app. The app allows users to pay using QR codes, or by using the contactless capability on their phone, to deduct the money from the user-selected account. What other services will we see taking centre stage as PSD2 (spreads) takes hold?

Our mission at MeaWallet is to help our clients simplify mobile payments and support implementation. Our team is passionate about the subject and continually looking at the evolution and trends in the mobile payments space. We welcome your comments or invite you to get in touch directly with us at