PSD2 and bank connections: security in small-business financial management
PSD2 changed the landscape of banking services in the EU. We go through what PSD2 means for a small business's financial management in terms of bank connections and security.
PSD2 (Payment Services Directive 2) changed the landscape of banking services in the EU. It opened up bank data to third parties and made strong customer authentication (SCA) mandatory. In this article, we will go through what PSD2 means for the banking connections of a small business's financial management.
What is PSD2?
PSD2 (Directive (EU) 2015/2366) is an EU payment services directive that came fully into force in 2019. It obliges banks to open interfaces to third parties – such as financial management software.
In practice, this means that financial management software can:
- Retrieve account transactions directly from the bank (AISP, Account Information Service Provider)
- Initiate payments directly from the software (PISP, Payment Initiation Service Provider)
- Display information from multiple banks in a single view
SCA – Strong Customer Authentication
PSD2 brought with it the Strong Customer Authentication (SCA) requirement. It means that electronic payments and account information retrieval require at least two authentication factors out of three:
- Knowledge: something the user knows (PIN, password)
- Possession: something the user has (phone, authentication app)
- Inherence: something the user is (fingerprint, facial recognition)
In practice, SCA shows up when you activate a bank connection: the activation must be confirmed in the bank's app or in the online bank.
Access rights and security
Key principles of the PSD2 security model:
- The financial management software must be registered as an AISP or PISP with the supervisory authority (the Financial Supervisory Authority in Finland)
- The user gives consent to data retrieval – the software does not receive data without permission
- Consent must be renewed regularly (typically every 90 days)
- The bank must not prevent authorized interface usage
- All data communication is encrypted
Security checklist for small businesses
- Ensure that your financial management software is PSD2 compliant and registered
- Use strong authentication when activating your banking connection
- Renew your banking connection consent on time (don't let it expire)
- Regularly check who has access to bank data in your software
- Also use multi-factor authentication when logging into the financial administration software
Read more about personal data processing in financial administration in our GDPR article.
Practical example: a cleaning company and automatic reconciliation
A ten-person cleaning company previously used online banking and an Excel spreadsheet to monitor cash flow. Adopting a bank connection in Eemel Accounting changed their daily operations:
- Transaction data is automatically imported into the software
- Automatic reconciliation allocates transactions to the correct accounts based on rules
- Cash flow is visible in real time – no need to log into online banking separately
- The accountant sees the same information without separate data transfers
Try it in practice
Eemel Accounting includes a PSD2-compliant bank connection and automatic reconciliation. Real-time cash flow.
Try 14 days for free
Frequently asked questions
Is the PSD2 bank connection secure?
Yes. PSD2 requires strong authentication and encrypted communication. The service provider must be registered by the authority.
Why does the bank connection need to be renewed every 90 days?
PSD2 requires consent to be renewed for security reasons. The financial administration software will remind you to renew.
Does the bank connection work with all Finnish banks?
Most of them. Eemel Accounting supports Finnish banks via the Enable Banking interface.
Can payments be made via the bank connection?
Yes, if the software has a PISP license. Eemel Accounting allows payments to be initiated directly from the software.
How does the bank connection differ from manual import of bank statements?
With a bank connection, transactions arrive automatically and almost in real time. With manual import, you need to download and import the bank statement separately.
This article is general in nature and does not constitute legal advice.
