Payment Service Directive (PSD2)

We offer a payment initiation service for private and corporate customers who have a bank account with SEB, Citadele or Luminor bank in Latvia, Lithuania and Estonia or a Swedbank account in the Baltic States (Lithuania and Estonia), or an LHV bank account in Estonia.

Remember! Even though a payment form is filled out in the environment of Swedbank Internet Banking, the payment order will be executed in the bank that holds the account from which the payment was initiated.

Before starting payment initiation – please onboard your other bank’s account to the Swedbank Internet Banking system and/or check if access to it is still valid. Please find out how to do this and the rest of the most important information about the payment initiation service here.

EU rules mean your electronic payments are becoming cheaper, easier and safer.

• documentFind out more

• All access to account information requires the customer's consent. Third party provider will asl for your consent and you will be able to give it in its interface (for example, company’s providing such service, website).
• You will need to verify your consent with means of identification granted to you by Swedbank (for example, Smart-ID, PIN generator). Important: you will not be able to grant consent while using code cards.
• You can choose which information you want third party service provider to see: account number, account balance or account statement. Third party provider will only see information of the accounts you can make payments from.
• Customers can see their given consents when they log in to their internet bank.

• Companies wishing to become TPPs must apply for, and obtain, a permit or be registered by the Financial Supervisory Authority.
• A customer who wishes to use a previously unknown TPP should first and foremost check that the TPP has the proper registration/ authorization with the local FSA. You can check this here.

• Legislation prohibits TPPs from using the data for purposes other than the one for which the customer’s approval has been granted.
• The TPPs should of course also comply with the General Data Protection Regulation.
• Important! You should remember that you must act carefully before granting the consent to third parties. Always familiarize yourself in detail with conditions of the contract that is being concluded.

• Customer must first report the transaction to the bank that provides the account from which the payment has been made. This needs to be done in time stated in the Payment Law (13 months from payment processed).
• A payment initiation service provider is responsible to the bank if the bank has given the customer compensation for a loss caused by the payment initiation service provider.
• Important! You may not be reimbursed the loss for unauthorized payment operations which sum dies not exceed 50 EUR if the loss was incurred due to lost or stolen means of payment use or illegal appropriation of mean of payment.

On 14th September 2019 in EU amendment to Second Payment Service Directive (PSD2) Regulatory technical standards (RTS) becomes in force defining measures of practical implementation of PSD2.

New technical standards for online card purchases take effect on 1 January 2021.

Requirements for Strong Customer Authentication (SCA) and common open standards for communication between different service providers will come into force to make payments even more secure. Along many other requirements to which service providers will gradually adopt their payment processes, for online card payments it means that SCA will be required.

Strong Customer Authentication (SCA) means that an authentication is made based on the use of two or more elements categorised as Knowledge (something only the user knows), Possession (something only the user possesses) and Inherence (something the user is).

For SCA authentication elements are categorised

• Somethink the customer knows
• Somethink the customer has
• Somethink the customer is

For SCA authentication must be use two elements out of these three.

Authentication methods compliant with SCA provided by Swedbank:

• Smart-ID: your smart device combined with your pin code
• PIN Generator: your PIN device combined with your pin code
• National ID: your eID card combined with your pin code
• Payment card: your payment card combined with your pin code
• Biometrics via Swedbank app: your smart device combined with your biometric data

Payments in store:

Payments in store will be processed as usual either by confirming the payment with the PIN code or using contactless card, smart watch or other device.

Online payments:

Along with implementation of RTS, stronger authentication means will be used for online shopping. It indicates that merchants will be verifying identity of cardholder by requesting SCA. This would require merchants to ensure technical solution called 3D-Secure – identity confirmation method in web environment already used by e-commerce merchants today.

It is important to note, that more and more online shops will ask to authenticate payment strongly, that means to reapprove it with authentication measures: Smart -ID, National ID, or PIN generator.