PSD2 and bank connections: security in a small business's financial administration
PSD2 changed the field of banking services in the EU. We go through what PSD2 means for the bank connections and security of a small business's financial administration.
PSD2 (Payment Services Directive 2) changed the landscape of banking services in the EU. It opened up bank data to third parties and made strong customer authentication (SCA) mandatory. In this article, we will go through what PSD2 means for the banking connections of a small business's financial administration.
What is PSD2?
PSD2 (Directive (EU) 2015/2366) is an EU payment services directive that fully came into force in 2019. It obliges banks to open up interfaces to third parties – such as financial administration software.
In practice, this means that financial administration software can:
- Retrieve account transactions directly from the bank (AISP, Account Information Service Provider)
- Initiate payments directly from the software (PISP, Payment Initiation Service Provider)
- Display information from multiple banks in a single view
SCA – Strong Customer Authentication
PSD2 introduced the Strong Customer Authentication (SCA) requirement. It means that electronic payments and account information retrieval require at least two authentication factors drawn from the following three categories:
- Knowledge: something the user knows (PIN, password)
- Possession: something the user has (phone, authentication app)
- Inherence: something the user is (fingerprint, facial recognition)
In practice, SCA means that activating a bank connection requires confirmation in a banking app or online banking.
Access rights and security
Key principles of the PSD2 security model:
- The financial administration software must be registered as an AISP or PISP by the authority (Finanssivalvonta in Finland)
- The user gives consent for data retrieval – the software does not receive data without permission
- Consent must be renewed regularly (typically every 90 days)
- The bank must not prevent authorized interface use
- All data communication is encrypted
Security Checklist for Small Businesses
- Ensure that your financial administration software is PSD2-compliant and registered
- Use strong authentication when activating your bank connection
- Renew your bank connection consent on time (don't let it expire)
- Regularly check who has access to bank data in your software
- Use multi-factor authentication when logging into financial management software as well
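The two checks a small business most often gets wrong in practice are the ones described above: treating two factors from the same category (for example a password plus a PIN) as strong authentication, and letting a bank-connection consent lapse. The following is an added example, not code from the page or from Eemel Accounting, that models both rules. The factor names, the seven-day reminder window and the dates are constructed assumptions for illustration; the 90-day consent validity is the figure given in this article.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum


class Category(Enum):
    """The three SCA factor categories named by PSD2."""
    KNOWLEDGE = "knowledge"    # something the user knows
    POSSESSION = "possession"  # something the user has
    INHERENCE = "inherence"    # something the user is


# Constructed vocabulary of factor names -> category (assumption for this example).
FACTOR_CATEGORY = {
    "password": Category.KNOWLEDGE,
    "pin": Category.KNOWLEDGE,
    "bank_app_confirmation": Category.POSSESSION,
    "hardware_token": Category.POSSESSION,
    "fingerprint": Category.INHERENCE,
    "face_recognition": Category.INHERENCE,
}


def satisfies_sca(presented: list[str]) -> bool:
    """True only if the presented factors span at least two distinct categories.

    Two factors from the same category (password + PIN) do NOT count as SCA.
    Unknown factor names are rejected rather than silently ignored.
    """
    unknown = [f for f in presented if f not in FACTOR_CATEGORY]
    if unknown:
        raise ValueError(f"unknown authentication factor(s): {unknown}")
    categories = {FACTOR_CATEGORY[f] for f in presented}
    return len(categories) >= 2


# Consent validity period from the article; reminder window is an assumption.
CONSENT_VALIDITY_DAYS = 90
REMINDER_DAYS_BEFORE_EXPIRY = 7


@dataclass(frozen=True)
class Consent:
    """A bank-connection consent granted by the user for one bank."""
    bank: str
    granted_on: date

    def expires_on(self) -> date:
        return self.granted_on + timedelta(days=CONSENT_VALIDITY_DAYS)


def consent_status(consent: Consent, today: date) -> str:
    """Classify a consent as 'valid', 'renew_soon' or 'expired' for a given day."""
    expiry = consent.expires_on()
    if today >= expiry:
        return "expired"
    if today >= expiry - timedelta(days=REMINDER_DAYS_BEFORE_EXPIRY):
        return "renew_soon"
    return "valid"


def consents_needing_action(consents: list[Consent], today: date) -> list[tuple[str, str]]:
    """Return (bank, status) for every consent that is expired or about to expire."""
    return [
        (c.bank, status)
        for c in consents
        if (status := consent_status(c, today)) != "valid"
    ]


if __name__ == "__main__":
    # Constructed sample data: two consents, checked on a constructed date.
    consents = [
        Consent("Bank A", date(2024, 1, 1)),   # expires 2024-03-31
        Consent("Bank B", date(2024, 3, 1)),   # expires 2024-05-30
    ]
    print(satisfies_sca(["password", "pin"]))                   # False: same category
    print(satisfies_sca(["password", "bank_app_confirmation"])) # True
    print(consents_needing_action(consents, date(2024, 3, 25)))  # [('Bank A', 'renew_soon')]
```

The status function is deliberately conservative: a consent counts as expired on its expiry day itself, so a reminder fires while renewal is still possible rather than after data retrieval has already stopped.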
Read more about personal data processing in financial management in our GDPR article.
Practical example: a cleaning company and automatic accounting
A cleaning company of ten people previously used online banking and an Excel spreadsheet to monitor cash flow. The implementation of the bank connection in Eemel Accounting changed their daily routine:
- Bank transactions are automatically imported into the software
- Automatic accounting allocates transactions to the correct accounts based on rules
- Cash flow is visible in real-time – no need to log into online banking separately
- The accountant sees the same information without separate data transfers
Try it in practice
Eemel Accounting includes a PSD2-compliant bank connection and automatic accounting. Cash flow in real time.
Try 14 days for free
Frequently asked questions
Is the PSD2 bank connection secure?
Yes. PSD2 requires strong authentication and encrypted communication. The service provider must be registered with the authorities.
Why does the bank connection need to be renewed every 90 days?
PSD2 requires consent to be renewed for security reasons. Financial management software will remind you to renew it.
Does the bank connection work with all Finnish banks?
Most of them. Eemel Accounting supports Finnish banks via the Enable Banking API.
Can payments be made via the bank connection?
Yes, if the software has a PISP license. Eemel Accounting allows initiating payments directly from the software.
How does the bank connection differ from manual import of bank statements?
With a bank connection, transactions come automatically and almost in real-time. With manual import, you have to download the bank statement and import it separately.
This article is general in nature and does not constitute legal advice.
