Try our new website for a faster, fresher, and smarter banking experience.

Old Old Version New New Version

Payment Services Directive II (PSD2)

Open Banking would enable personal and business customers to securely share their account and payment information with banks and third parties. This would enable customers to compare products, initiate payments and request account information. It is an initiative led by the UK’s Competition and Markets Authority (CMA) to provide the services through Application Programming Interfaces (APIs). Open Banking allows customer to share their account information with Third Party Providers (TPPs or Third Parties), without sharing their log on details. It enables those TPPs to access account information and provide the required services.

 

How Open Banking Works at ICICI Bank UK

  1. Third Party Access : You can choose approved third party for various services like sharing account information, payment authorization, budgeting or showing all account in one place, through other apps and websites.
  2. Consent & authentication : The Third Parties asks your permission. You are securely redirected to ICICI Bank UK to log in and approve exactly what data or actions the TPP can take. ICICI never shares your login credentials with third parties.
  3. Secure API connection : Once you consent, the TPP uses our secure APIs (built to PSD2 / Open Banking standards) to read your permitted account data or to make a payment.

 

Security & Choosing Safely

  • Only regulated and authorised Third Parties (TPPs) can request access to your data. Before sharing anything, check that the company is listed in the Open Banking Directory or is on the FCA Register
  • Be careful when giving consent : only approve Third Parties (TPPs) you trust
  • If you ever change your mind, you can revoke consent immediately via your online banking or mobile app

 

Data Protection & Privacy

  • When you grant permission, TPPs may retrieve your transaction history, account balances, and other allowed data (listing)
  • TPPs are separate data controllers / processors; their handling of your data is subject to GDPR / UK data protection laws
  • If you want a TPP to delete your data, you should contact them directly. You can also revoke your consent at any time by contacting ICICI Bank UK plc

We believe Open Banking can give our customers access to new products and services and increase innovation in financial services. We believe our customers access to some of these new services and will continue to increase the APIs and channels we support.

 

Before we can onboard you, you must be registered and authorised with the FCA or another European regulator and enrolled in the Open Banking Directory.

 

ICICI DEVELOPER PORTAL

 

  • We support regulated AISPs and PISPs
  • To onboard, you must be authorised / registered with the FCA (or EU equivalent) and enrolled in the Open Banking Directory
  • Visit our Developer Portal (link) for: API documentation, sandbox access, production readiness checklist, security & certificate requirements
  • For technical or business onboarding, contact us at psd2.helpdesk@macroglobal.co.uk  (or via our developer portal)

 

Payment Services Directive II

The Revised Payment Services Directive (PSD2) is a fundamental piece of payments-related legislation in Europe. In the UK, PSD2 is implemented through the Payment Service Regulations 2017 which comes into force from January 13, 2018. PSD2 is the product of a review of the original Payment Services Directive (PSD) and requires Payment Service Providers (PSPs) to make significant number of changes to existing operations.

 

The PSD was implemented in 2009 and aimed to create a single market for payments in the European Union, as well as provide a foundation for the Single Euro Payments Area (SEPA). Its main objective was to make cross-border payments as easy, inexpensive and secure as domestic payments.

 

However, as the digital economy developed, new services began to appear – services that lay outside of the scope of PSD. With the arrival of PSD2, these new services and their providers will be registered, licensed and regulated, increasing competition, providing more choices for customers, and encouraging lower prices for payments.

FAQs

What are the main differences between PSD and PSD2?

PSD2 widens the scope of the PSD by covering new services and players as well as by extending the scope of existing services (payment instruments issued by payment service providers that do not manage the account of the payment service user), enabling their access to payment accounts.

PSD2 includes transactions with third countries when only one of the payment service providers is located within the EU ("one-leg transactions")

In case of unauthorised transactions, how is your liability changing under the PSD2?

Under the current regime payers’ liability for unauthorised transactions is currently capped at £50 in the UK - unless the payer has acted fraudulently or has, with intent or gross negligence, failed to comply with the conditions governing their use of a payment instrument or failed to notify the PSP without undue delay on becoming aware of its loss, theft, misappropriation or unauthorised use. Under PSD2, the liability cap is reduced to £35. Payers will only be liable in cases of user fraud, gross negligence or failing to notify their payment service provider without undue delay on becoming aware the loss. 

How are the complaints handling timings going to change?

We will give a full response to complaints that involve rights and obligations under PSD2 within 15 days. If there are exceptional circumstances, this is extended to a maximum of 35 days and we will send you a holding letter in the interim.

What does Strong customer authentication mean?

PSD2 requires Strong Customer Authentication (SCA), which is also known as two-factor authentication. Effective 2019, we will offer to use SCA whenever you access your payment accounts online, make an electronic payment or carry out any action through a remote channel which may carry a risk of fraud or abuse. SCA is made up of two or more elements, including knowledge (something you know, such as a password), possession (something you have, such as a card or mobile device) or 'inherence' (something you are, such as a fingerprint or voice recognition).

What caution should I exercise while using TPPs?

You can allow another third party service provider, with your clear and specific consent to make an online payment or access your account on your behalf. You are advised to exercise caution while giving your consent to a third party service provider and this should be done only with a registered or authorized service provider. Further, ICICI Bank UK Plc. recognised TPPs will be published on Bank’s website.

Can the Bank refuse a payment?

The Bank reserves the right to stop or block a payment instrument when we have reasonable grounds relating to security, suspect unauthorized or fraudulent use of payment instrument. However, before blocking or stopping a payment instrument we will contact you to inform you of our intention and reason for doing so.

How are transaction charges going to change?

Payments in currencies where the originator and beneficiary are in EEA countries the charges will be shared between the payer and payee.