    Security | 14.2.2026

    PSD2 and bank connections: security in a small business's financial management

    PSD2 changed the landscape of banking services in the EU. We go through what PSD2 means for the bank connections and security of a small business's financial management.

    PSD2 (Payment Services Directive 2) changed the landscape of banking services in the EU. It opened up banking data to third parties and made strong customer authentication (SCA) mandatory. In this article, we will go through what PSD2 means for the banking connections of a small business's financial management.

    What is PSD2?

    PSD2 (Directive (EU) 2015/2366) is an EU payment services directive that came fully into force in 2019. It obliges banks to open interfaces to third parties – such as financial management software.

    In practice, this means that financial management software can:

    • Retrieve account transactions directly from the bank (AISP, Account Information Service Provider)
    • Initiate payments directly from the software (PISP, Payment Initiation Service Provider)
    • Display information from multiple banks in a single view

    SCA – strong authentication

    PSD2 introduced the Strong Customer Authentication (SCA) requirement. It means that electronic payments and account information retrieval require at least two authentication factors out of three:

    1. Knowledge: something the user knows (PIN, password)
    2. Possession: something the user has (phone, authentication app)
    3. Inherence: something the user is (fingerprint, facial recognition)

    In practice, SCA is visible in the fact that activating a bank connection requires confirmation in the bank application or online banking.

    Permissions and security

    Key principles of the PSD2 security model:

    • The financial management software provider must be registered as an AISP or PISP with an authority (in Finland, the Financial Supervisory Authority)
    • The user gives consent to data retrieval – the software does not receive data without permission
    • Consent must be renewed regularly (typically every 90 days)
    • The bank may not block authorized API usage
    • All communication is encrypted

    Security checklist for a small business

    1. Ensure that your financial management software is PSD2-compliant and registered
    2. Use strong authentication when activating the bank connection
    3. Renew bank connection consent on time (do not let it expire)
    4. Regularly check who has access to bank data in your software
    5. Also use multi-factor authentication when logging into the financial management software
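Checklist items 3 to 5 can be checked mechanically. The following is an added example, not code from the article or from Eemel Accounting: it audits a constructed export of bank connections for expired or soon-expiring consents, unapproved users, and logins whose factors do not span two SCA categories. The record fields, method names, bank and user names, and the 14-day warning window are assumptions.

```python
from datetime import date, timedelta

# Method-to-category mapping is an assumption; categories are the article's three.
CATEGORY = {"password": "knowledge", "pin": "knowledge",
            "phone": "possession", "auth_app": "possession",
            "fingerprint": "inherence", "face": "inherence"}
CONSENT_VALIDITY = timedelta(days=90)  # "typically every 90 days"
WARN_BEFORE = timedelta(days=14)       # assumed reminder window

def spans_two_categories(methods):
    """Two factors from the same category (password + PIN) do not count."""
    return len({CATEGORY[m] for m in methods if m in CATEGORY}) >= 2

def consent_status(granted_on, today):
    expires = granted_on + CONSENT_VALIDITY
    if today >= expires:
        return "expired"
    return "renew_soon" if today >= expires - WARN_BEFORE else "ok"

def audit(connections, user_factors, approved, today):
    findings = []
    for c in connections:
        status = consent_status(c["consent_granted"], today)
        if status != "ok":
            findings.append((c["bank"], status))
        for user in c["users"]:
            if user not in approved:
                findings.append((c["bank"], "unapproved:" + user))
            elif not spans_two_categories(user_factors.get(user, [])):
                findings.append((c["bank"], "weak_login:" + user))
    return findings

# Constructed sample data (hypothetical banks, users and dates).
USER_FACTORS = {"owner": ["password", "auth_app"],
                "accountant": ["password", "pin"],
                "ex_employee": ["password"]}
APPROVED = {"owner", "accountant"}
CONNECTIONS = [
    {"bank": "Bank A", "consent_granted": date(2026, 1, 10), "users": ["owner"]},
    {"bank": "Bank B", "consent_granted": date(2025, 11, 25),
     "users": ["owner", "accountant", "ex_employee"]},
    {"bank": "Bank C", "consent_granted": date(2025, 10, 1), "users": ["owner"]},
]

def run_sample(today=date(2026, 2, 14)):
    return audit(CONNECTIONS, USER_FACTORS, APPROVED, today)

if __name__ == "__main__":
    for bank, finding in run_sample():
        print(bank, finding)
```
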

    Read more about personal data processing in financial management in our GDPR article.

    Practical example: a cleaning company and automatic accounting

    A ten-person cleaning company previously used online banking and an Excel spreadsheet to monitor cash flow. Adopting bank connectivity in Eemel Accounting changed their daily operations:

    • Bank transactions are automatically imported into the software
    • Automatic accounting allocates transactions to the correct accounts based on rules
    • Cash flow is visible in real time – no need to log into online banking separately
    • The accountant sees the same information without separate data transfers

    Try it in practice

    Eemel Accounting includes PSD2-compliant bank connectivity and automatic accounting. Cash flow in real time.

    Try 14 days for free

    Frequently asked questions

    Is PSD2 bank connectivity secure?

    Yes. PSD2 requires strong authentication and encrypted data communication. The service provider must be registered with the authorities.

    Why does bank connectivity need to be renewed every 90 days?

    PSD2 requires consent to be renewed for security reasons. The financial management software reminds you about the renewal.

    Does bank connectivity work with all Finnish banks?

    Most of them. Eemel Accounting supports Finnish banks via the Enable Banking API.

    Can payments be made via bank connectivity?

    Yes, if the software has a PISP license. Eemel Accounting allows payments to be initiated directly from the software.

    How does bank connectivity differ from manual import of bank statements?

    With bank connectivity, transactions arrive automatically and almost in real time. With manual import, you need to download the bank statement and import it separately.

    This article is general in nature and does not constitute legal advice.

    Epic Invoicing Oy is behind Eemel | Business ID: 2571844-9 | VAT number: FI25718449

    Company wholly owned by Finns | Registered office: Tampere, Finland