The former PSD limited the perimeter to only Euro transactions: the PSD2 extends the rules of transparency and correct information applying them also to the so-called one-leg-out transactions, in other words, even when only one of the two Payment Service Providers is in the territory of the European Union. The rules of transparency and correct information apply to payment transactions made in any currency.

Users of online bank accounts will have the opportunity to arrange payments or get information on their bank account also through the use of applications by “Third parties” (Third Party Provider – TPP) that will have the right of access in an “open” way to the systems of the account servicing bodies (Account servicing payment service provider - ASPSP). The ASPSP will have to create technical interfaces necessary to dialogue with Third Parties and for the management of transactions ( Payment initiation services - PIS) and informative operations ( Account information services - AIS) initialised by the users through these entities; a third macro area is represented by the online services for fund confirmation ( Card initiated services – CIS).

Sharing of responsibility between the different players involved: for PSD2, the supply of order-placement services and of account information may not depend on the existence of a contractual relationship between the PISP/AISP and the account servicing payment service provider (ASPSP). In case of unauthorised operation, the ASPSP shall reimburse the debtor to the maximum by the end of the next business day, asking for reimbursement in a second stage to the PISP, if the conditions are met. It is disputed whether the absence of a contractual relationship between ASPSP and PISP/AISP would make the application of such provision more difficult.

With regard to the issue of security and authentication, the PSD2 establishes the application of the Strong Customer Authentication - SCA by providing that a payment service provider shall apply it when the debtor:

• enters his online-payment account;
• makes an electronic payment transaction: when the transaction is done remotely via TPP, the PSPs should apply the strong customer authentication, including elements that dynamically connect the operation to a specific amount and to a specific beneficiary;
• performs any action, through a remote channel, which might involve a risk of fraud in payments or other abuses.

A TPP that wants to access the accounts, can rely on the authentication procedures provided by the payment service provider where the user's account is held, and is not obliged to have a contractual relationship with the latter. This means that the bank or payment institution, in which the user has opened an account, manages the transmitted payment orders through Payment Initiation services and the transmitted data requests through Account Information services, without discrimination, if not for objective reasons.

There is a cap on interchange fees : for prepaid and debit card payments the interchange fee for each payment transaction cannot be greater than 0.2% of the transaction value; for transactions via credit card the interchange fee for each operation cannot be greater than 0.3% of the transaction. To date, in case of theft or fraud with cards or bancomat cards, the customer was required to pay 150 euros for operations that he did not recognise, with the PSD2 this excess drops to 50 euros.

The PSD2 reshapes existing exemptions ("negative scope") for commercial agents, telecommunications and networks with limited spendable amounts ("limited network") and independent ATMs.