PSD2 and bank connections: security in a small business's financial administration
PSD2 changed the landscape of banking services in the EU. We go through what PSD2 means for a small business's financial administration in terms of bank connections and security.
PSD2 (Payment Services Directive 2) changed the landscape of banking services in the EU. It opened up bank data to third parties and made strong authentication (SCA) mandatory. In this article, we will go through what PSD2 means for a small business's financial administration bank connections.
What is PSD2?
PSD2 (Directive (EU) 2015/2366) is an EU payment services directive that came fully into force in 2019. It obliges banks to open up interfaces to third parties – such as financial administration software.
In practice, this means that financial administration software can:
- Retrieve account transactions directly from the bank (AISP, Account Information Service Provider)
- Initiate payments directly from the software (PISP, Payment Initiation Service Provider)
- Display information from multiple banks in a single view
SCA – strong authentication
PSD2 introduced the Strong Customer Authentication (SCA) requirement. It means that for electronic payments and account information retrieval, at least two authentication factors out of three are required:
- Knowledge: something the user knows (PIN, password)
- Possession: something the user has (phone, authentication app)
- Inherence: something the user is (fingerprint, facial recognition)
In practice, SCA is reflected in the fact that activating a bank connection requires confirmation in the banking application or online bank.
Access rights and security
Key principles of the PSD2 security model:
- The financial administration software must be registered as an AISP or PISP by the authorities (in Finland, the Financial Supervisory Authority)
- The user gives consent for data retrieval – the software does not receive information without permission
- Consent must be renewed regularly (typically every 90 days)
- The bank must not prevent authorized interface use
- All communication is encrypted
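The SCA rule and the consent and registration principles above can be checked mechanically over a list of bank connections. The following is an added example, not code from the article or from any accounting product; the record fields, factor names, operation names and the 14-day warning window are assumptions, and the sample records are constructed.

```python
from datetime import date, timedelta

# Assumption: factor names mapped to the three SCA categories the article lists.
FACTOR_CATEGORY = {
    "pin": "knowledge", "password": "knowledge",
    "phone": "possession", "auth_app": "possession",
    "fingerprint": "inherence", "face": "inherence",
}
# Which registration each operation needs (AISP reads data, PISP initiates payments).
REQUIRED_ROLE = {"read_transactions": "AISP", "initiate_payment": "PISP"}
CONSENT_DAYS = 90  # the article's "typically every 90 days"
WARN_DAYS = 14     # hypothetical reminder lead time


def sca_satisfied(factors):
    """True when the factors span at least two distinct SCA categories."""
    return len({FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}) >= 2


def audit(connections, provider_roles, today):
    """Return sorted (bank, finding) tuples for one software provider."""
    findings = []
    for c in connections:
        expires = c["consent_given"] + timedelta(days=CONSENT_DAYS)
        if expires < today:
            findings.append((c["bank"], "consent expired"))
        elif expires - today <= timedelta(days=WARN_DAYS):
            findings.append((c["bank"], "consent expires soon"))
        if not sca_satisfied(c["activation_factors"]):
            findings.append((c["bank"], "activation lacked two factor categories"))
        for op in c["operations"]:
            if REQUIRED_ROLE[op] not in provider_roles:
                findings.append((c["bank"], f"{op} needs {REQUIRED_ROLE[op]} registration"))
    return sorted(findings)


# Constructed sample records (not real data).
TODAY = date(2024, 6, 1)
CONNECTIONS = [
    {"bank": "Bank A", "consent_given": date(2024, 5, 1),
     "activation_factors": ["pin", "auth_app"], "operations": ["read_transactions"]},
    {"bank": "Bank B", "consent_given": date(2024, 3, 10),
     "activation_factors": ["pin", "auth_app"], "operations": ["read_transactions", "initiate_payment"]},
    {"bank": "Bank C", "consent_given": date(2024, 2, 1),
     "activation_factors": ["pin", "password"], "operations": ["read_transactions"]},
]

if __name__ == "__main__":
    print(audit(CONNECTIONS, {"AISP"}, TODAY))
```

Note that a PIN plus a password fails the check: both are knowledge factors, so they count as one category.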
Security checklist for a small business
- Ensure that your financial administration software is PSD2-compliant and registered
- Use strong authentication when activating a bank connection
- Renew bank connection consent on time (do not let it expire)
- Regularly check who has access to bank information in your software
- Use multifactor authentication also when logging into financial management software
Read more about personal data processing in financial management in our GDPR article.
Practical example: a cleaning company and automatic accounting
A ten-person cleaning company previously used online banking and an Excel spreadsheet to monitor cash flow. The adoption of Eemel Accounting changed their daily routine:
- Bank transactions are automatically imported into the software
- Automatic accounting assigns transactions to the correct accounts based on rules
- Cash flow is visible in real-time – no need to log into online banking separately
- The accountant sees the same information without separate data transfers
Try it in practice
Eemel Accounting includes PSD2-compliant bank connectivity and automatic accounting. Cash flow in real time.
Try 14 days free
Frequently asked questions
Is PSD2 bank connectivity secure?
Yes. PSD2 requires strong authentication and encrypted data communication. The service provider must be registered by the authorities.
Why does bank connectivity need to be renewed every 90 days?
PSD2 requires consent to be renewed for security reasons. The financial management software will remind you to renew.
Does bank connectivity work with all Finnish banks?
Most of them. Eemel Accounting supports Finnish banks via the Enable Banking interface.
Can payments be made through bank connectivity?
Yes, if the software has a PISP license. Eemel Accounting allows initiating payments directly from the software.
How does bank connectivity differ from manual statement import?
With bank connectivity, transactions appear automatically and almost in real-time. With manual import, you need to download the statement and import it separately.
This article is general in nature and does not constitute legal advice.
