02.09.2025
Open Banking

PSD2 vs PSD3: Everything You Should Know As An E-Commerce Merchant


The European payments landscape is entering a new chapter. The Payment Services Directive 2 (often referred to as the PSD2 Directive), introduced in 2016, reshaped the industry by enabling open banking, mandating access to bank accounts for third-party providers, and strengthening consumer protection through Strong Customer Authentication. While PSD2 drove innovation, its fragmented rollout across member states created inconsistencies, regulatory gaps and unnecessary friction for both merchants and consumers.

To address these challenges, the European Commission has proposed the Payment Services Directive 3 (referred to as the PSD3 Directive) alongside a new Payment Services Regulation. Together, they aim to strengthen fraud prevention, harmonise rules across the European Union and broaden the regulatory scope to cover new types of payment providers. For e-commerce merchants, this means stricter but clearer compliance obligations, improved reliability in open banking with companies like Noda leading the charge, and ultimately a more secure and user-friendly payments environment.

Key takeaways:

  • PSD3 vs PSD2 regulations: PSD3 addresses new risks, enhances fraud prevention, and expands scope.
  • Strong Customer Authentication will be more stringent and consistent across the EU.
  • The new Payment Services Regulation reduces fragmentation by establishing a single rulebook.
  • PSD3 improves open banking with standardised APIs and more room for innovation.
  • Implementation is due in 2025–2026, with the regulatory path diverging after Brexit.
  • Noda helps merchants adapt to compliant, low-friction account-to-account payments.

Overview of PSD2

The move from PSD2 to PSD3 marks a big shift in European payments. PSD2, adopted in 2015, opened up banking by forcing banks to share account data with licensed third parties, which enabled services like Revolut, budgeting apps and new payment methods. It also introduced Strong Customer Authentication to cut fraud.

But PSD2 wasn’t perfect. Countries enforced the PSD2 regulations differently, some banks only offered bare-minimum APIs, and merchants faced friction from uneven user experiences and delays in compliance.

PSD3, expected around 2026–2027, aims to fix this. It will standardise APIs across Europe, cover instant payments and crypto, and strengthen fraud checks with tools like confirmation of payee. It also promises clearer rules and consistent enforcement across all member states.

For merchants, that means faster payments, fewer failed checkouts, and better access to modern payment options in a more unified European market.

Why Was PSD3 Necessary?

PSD3 became necessary because payment services were evolving at a pace that PSD2 could not fully keep up with. The rise of new fraud tactics and increasingly sophisticated cyber threats demanded a stronger security framework.

At the same time, fragmented enforcement across EU countries created inconsistencies that frustrated both businesses and consumers. Liability gaps and cumbersome authentication processes meant that many users faced unnecessary friction during payments, while businesses struggled with uncertainty. With fintech players and non-bank payment service providers entering the market in force, it became clear that a more harmonised and forward-looking regulatory framework was required. The introduction of the PSD3 and PSR package is intended to deliver that EU-wide clarity.

What Does PSD3 Propose?

According to the European Commission, PSD3 proposes a more unified approach to authentication and liability, while expanding the regulatory scope to encompass modern payment providers. It reinforces Strong Customer Authentication rules by making them stricter, more consistent and more technologically advanced.

It also expands the rights of payment providers to develop custom APIs, backed by fallback mechanisms that ensure uninterrupted services. Liability is clarified and broadened, particularly for fraud, payer manipulation and authorised push payment fraud. By introducing the PSR, the EU ensures that transparency, licensing, and operational requirements are standardised across member states. Another important element of PSD3 is the merger of the legal frameworks for payment institutions and electronic money institutions, which simplifies compliance. Institutions will also be required to prepare winding-up plans to ensure an orderly closure of their business in the event of failure.

Key Issues with PSD2 That PSD3 Aims to Resolve

Although PSD2 was a big step forward, it didn’t fully deliver on its promise. Strong Customer Authentication was rolled out unevenly, resulting in customers across Europe having very different checkout experiences. Regulators in each country interpreted the rules in their own way, which created extra complexity and legal grey areas for businesses. For shoppers, the extra security steps often felt confusing and added friction to the checkout. On top of that, banks built APIs in different ways, which limited how well open banking could work and made it harder for third parties to access data.

PSD3 is designed to fix these problems. It introduces consistent rules, stricter technical standards, and clearer legal frameworks to make payments smoother, safer, and more reliable throughout the EU.

Main Changes Introduced by PSD3

The transition from PSD2 to PSD3 will bring several significant changes. Strong Customer Authentication will be harmonised and extended, with support for more advanced authentication methods such as behavioural biometrics and multi-device authorisation. Fraud prevention obligations will be strengthened with requirements for real-time monitoring. The liability framework will be clarified, defining responsibilities more explicitly for banks, fintechs and other payment providers. Perhaps the most significant shift will be the move from fragmented national rules to a consolidated EU-wide regulatory framework, facilitated by the PSD3 Directive and the directly applicable Payment Services Regulation.

PSD2 vs PSD3: Key Differences

| Feature | PSD2 | PSD3 |
| --- | --- | --- |
| Regulatory Scope | Focus on banks and traditional providers | Broader: includes fintechs, non-bank PSPs |
| SCA Requirements | Introduced 2FA with exemptions | Stricter, unified, biometric and multi-device supported |
| Fraud Liability | Varied across members, incomplete | Clearer, extended liability, including APP fraud |
| Role of Payment Services Regulation | Not applicable (only being implemented with PSD3) | Directly applicable EU-wide regulation |
| Market Impact | Fragmented implementation | Harmonisation, enhanced innovation and inclusion |
| Open Banking API Access | Limited openness and fragmentation | Broader access, fallback APIs, and better standardisation |

PSD3 and Open Banking

One of the most exciting aspects of PSD3 is its impact on open banking. By tightening standards and improving API reliability, PSD3 will make it much easier for banks and providers to work together — with direct benefits for merchants.

Before PSD2 was implemented, Pay-by-Bank worked, but conversion often suffered because APIs were clunky, some banks were slow to adopt, and downtime was common. With PSD3, banks will face stricter uptime and performance rules, meaning merchants can finally rely on open banking as a mainstream alternative to cards, not just an additional payment method.

Previously, some banks provided only the bare minimum of account data, while others offered richer insights, resulting in inconsistent experiences. PSD3 will harmonise access, providing merchants (through their providers) with consistent data, such as balances, transaction history, and confirmation of funds, across the EU. That makes things like risk checks, instant refunds, and BNPL onboarding much smoother.

And with the Instant Payments Regulation working alongside PSD3, instant SEPA payments will no longer be optional or overpriced. For merchants, this means refunds are instantly credited to customers — improving trust — while incoming payments settle in seconds, strengthening cash flow. This is why so many of them are searching for PSD3 updates and paying close attention.

Impact of PSD3 on Strong Customer Authentication (SCA)

Strong Customer Authentication is central to PSD3. The new directive requires more consistent and frequent use of multi-factor authentication across all member states. It introduces additional methods, such as trusted beneficiary lists and biometric verification, as well as the use of multiple devices for authentication. By refining the exemptions and applying risk-based approaches, PSD3 reduces unnecessary friction for consumers while still maintaining robust protection against fraud. Accessibility is another important consideration, with the rules aimed at ensuring that all users, including the elderly and those with disabilities, can benefit from secure payment services.

How Will PSD3 Affect the EU Market?

The impact of PSD3 on the EU market will be far-reaching. Banks, payment service providers and merchants will need to comply with stricter obligations and assume clearer liability. While this will increase compliance costs, it will also lead to stronger fraud prevention and greater consumer confidence.

Fintech firms in particular will benefit from richer data access and the ability to offer more reliable open banking services. Harmonisation of rules will simplify cross-border operations, making it easier for businesses to scale across Europe. For consumers, the combination of greater security and smoother experiences should result in higher trust and wider adoption of digital payments.

When Will the PSD3 Directive Come Into Effect?

The European Commission released the first proposals in mid-2023, with the European Parliament adopting amendments by spring 2024. Official adoption and transposition into national laws are expected to take place no sooner than 2026. Once adopted, companies will generally have an eighteen-month grace period to comply with the new requirements.

Accept Secure Open Banking Payments with Noda

Although PSD3 is still some way off, open banking is already a widely adopted framework across Europe, making payments safer and easier for both merchants and consumers. Unlike card processing, it cuts costs, reduces fraud, and delivers faster settlement. With Noda, you can capitalise on this shift today.

Noda helps you stay ahead of the curve with a unified payments platform built to improve conversions:

  • Ultra-low fees from 0.1% to boost margins.
  • Coverage across 2,000+ banks in 28 countries with multi-currency support.
  • Instant account-to-account settlement with no intermediaries.
  • Integration with cards, Apple Pay & Google Pay processing for an even wider reach and flexibility.
  • Plug and play integration – ready-made plugins for WooCommerce, OpenCart, Magento and PrestaShop or a comprehensive API for custom integrations.
  • Instant payment links – collect payments without a website or any coding.
  • No chargebacks – reduce fraud risk with secure open banking transactions.
  • Personal assistance – a dedicated account manager to support set up, integration and optimisation.

Book a free demo to see how Noda can help you operate within the PSD2 and PSD3 frameworks and reduce your transfer fees while improving checkout conversion rates.

FAQs

What is PSD3?

Introduced in 2016, PSD2 enabled open banking, but suffered from an inconsistent rollout. PSD3, backed by the PSR, unifies rules across Europe, strengthens authentication and fraud prevention, and widens scope to cover fintechs and non-bank providers.

When will PSD3 come into effect?

The directive is expected to be adopted between 2025 and 2026, with an eighteen-month transition period for compliance.

How will PSD3 impact open banking?

It will improve API standardisation and reliability, making open banking more accessible and fostering innovation by enabling stronger collaboration between banks and third-party providers.

What changes does PSD3 introduce to Strong Customer Authentication (SCA)?

PSD3 expands and unifies authentication rules across Europe, supporting advanced biometric methods, trusted beneficiary lists and multi-device verification while applying dynamic, risk-based exemptions to reduce friction.

Will PSD3 replace PSD2 in the UK?

The UK is expected to continue implementing PSD2 while introducing its own regulatory updates, resulting in divergence from the EU framework.

© 2025 Noda. All Rights Reserved

NAUDAPAY LIMITED, (Company Number: 11741664) with the registered address: 162 Buckingham Palace Road, London, SW1W 9TR, UK is an authorized Payment Institution and regulated by the Financial Conduct Authority (FCA) (Reference number: 832969) under the Payment Services Directive ((EU) 2015/2366)
