    Security | 14.2.2026

    PSD2 and bank connections: security in a small business's financial administration

    PSD2 changed the landscape of banking services in the EU. We go through what PSD2 means for the bank connections and security of a small business's financial administration.

    PSD2 (Payment Services Directive 2) changed the landscape of banking services in the EU. It opened up bank data to third parties and made strong customer authentication (SCA) mandatory. In this article, we will go through what PSD2 means for the bank connections of a small business's financial administration.

    What is PSD2?

    PSD2 (Directive (EU) 2015/2366) is an EU payment services directive that came fully into force in 2019. It obligates banks to open up interfaces to third parties – such as financial administration software.

    In practice, this means that financial administration software can:

    • Retrieve account transactions directly from the bank (AISP, Account Information Service Provider)
    • Initiate payments directly from the software (PISP, Payment Initiation Service Provider)
    • Show information from multiple banks in one view

    SCA – strong customer authentication

    PSD2 introduced the Strong Customer Authentication (SCA) requirement. This means that at least two authentication factors out of three are required for electronic payments and account data retrieval:

    1. Knowledge: something the user knows (PIN, password)
    2. Possession: something the user has (phone, authentication app)
    3. Inherence: something the user is (fingerprint, facial recognition)

    In practice, SCA shows up when you activate a bank connection: activation requires confirmation in the banking app or online bank.

    Access rights and security

    Key principles of the PSD2 security model:

    • Financial administration software must be registered as an AISP or PISP with the supervisory authority (the Financial Supervisory Authority in Finland)
    • The user gives consent for data retrieval – the software does not get information without permission
    • Consent must be renewed regularly (typically every 90 days)
    • The bank may not prevent authorized interface use
    • All data traffic is encrypted

    Security checklist for small businesses

    1. Ensure that your financial administration software is PSD2-compliant and registered
    2. Use strong authentication when activating your bank connection
    3. Renew bank connection consent on time (do not let it expire)
    4. Regularly check who has access to bank information in your software
    5. Use multi-factor authentication when logging in to the financial administration software as well

    Read more about the processing of personal data in financial administration in our GDPR article.

    Practical example: cleaning company and automatic allocation

    A ten-person cleaning company previously used online banking and an Excel spreadsheet to track cash flow. Implementing the bank connection in Eemel Accounting changed their daily routine:

    • Account transactions are automatically imported into the software
    • Automatic allocation assigns transactions to the correct accounts based on rules
    • Cash flow is visible in real time – no need to log in to online banking separately
    • The accountant sees the same information without separate data transfers

    Try it out in practice

    Eemel Accounting includes a PSD2-compliant bank connection and automatic allocation. Cash flow in real time.


    Frequently Asked Questions

    Is a PSD2 bank connection secure?

    Yes. PSD2 requires strong authentication and encrypted communication. The service provider must be registered by the authorities.

    Why do I need to renew the bank connection every 90 days?

    PSD2 requires consent to be renewed for security reasons. The financial administration software will remind you to renew it.

    Does the bank connection work with all Finnish banks?

    Most of them. Eemel Accounting supports Finnish banks through the Enable Banking interface.

    Can payments be made via the bank connection?

    Yes, if the software has a PISP license. Eemel Accounting allows initiating payments directly from the software.

    How does a bank connection differ from manual import of bank statements?

    With a bank connection, transactions come automatically and almost in real time. With manual import, you have to download the bank statement and import it separately.

    This article is general in nature and is not legal advice.

    Eemel is operated by Epic Invoicing Oy | Business registration number: 2571844-9 | VAT number: FI25718449

    Fully Finnish-owned company | Domicile: Tampere, Finland