Learn about the changes resulting from PSD2 and what you need to observe as a merchant

PSD2 is an EU Directive that regulates payment services and payment service providers. It applies to payments in EU/EEA currencies between payment service providers based in the EU/EEA region. It also applies partially to payments in non-EU/EEA currencies (for example US dollars or British pounds), as well as when a payment service provider is based outside the EU/EEA region (for example in Switzerland or the US).

Objectives with introduction of PSD2

To provide greater convenience, affordability and security

Making payment transactions more convenient, affordable and secure for consumers

To promote competition

Promoting competition between banks and financial services providers (open banking)

To promote innovations

Open interfaces, new cooperation models, data exchange in real time: open banking will lead to innovations in the banking sector

New developments

Payment institutions

Payment institutions like Unzer are to be granted access to bank data and bank accounts. The basic premise behind this decision is that the data and accounts are actually owned by the respective account holders and not by the banks. Express authorisation must then be granted by the respective account holders for payment institutions to retain access to the bank accounts.

Bank accounts

Access to the bank accounts should allow a network of both new and existing solution providers to be established. The new solution providers will primarily be account information service providers (AISPs) and payment initiation service providers (PISPs).


The rules on payment fees are also being revised. Accordingly, companies such as organisers/promoters or airlines will no longer be allowed to charge extra credit card fees.

Customer protection

Customer protection is also being strengthened. The goal with Strong Customer Authentication (SCA) – also known as two-factor authentication – is to make misuse of data significantly more difficult.


In order to comply with the requirements of PSD2 when processing credit card payments, there is a new version of 3D Secure. This is for example known as "Verified by Visa" or "MasterCard Identity Check" in the card networks.

Unzer Service

Unzer has integrated the future service in such a way that no difference from the current 3D Secure can be technically determined.

What you now need to observe as a merchant


If you are using a module from Unzer or Heidelpay, you are already well prepared. However, we still recommend performing the following to be absolutely sure:

  • An update of the module
  • Testing of 3D Secure in the current test system


If you are not using an iFrame, but are integrating as follows:

  • Charges or reservations are submitted via XML (requires an up-to-date PCI certificate)
  • Charges or reservations are submitted via SGW POST (requires an up-to-date PCI certificate)
  • Charges or reservations are submitted via NGW POST without frontend parameters (requires an up-to-date PCI certificate)
  • As a general rule, we always recommend integrating our iFrame

Subscription models

If you are using referenced bookings that refer to an initial registration (REG) (this is the case with subscription models, yet also with recognition in the shop)

  • In future, more information will be passed on to the card issuers via the interfaces. However, this information already comprises mandatory fields in our interfaces anyway, meaning that there is no extra work for you here


If you are using direct integration but do yet have 3D Secure, we recommend performing testing on our test system to determine whether the current integration already works with 3D Secure.

Integration guide 3DS

Two-factor authentication is being made compulsory for all payment transactions on the Internet from January 1, 2021 onwards. The operators of the credit card networks use the so-called 3D Secure process to meet this obligation. As a merchant, you must therefore make absolutely sure that you can perform this process for your customers from January 1, 2021 onwards. The following provides a description of the various integration options.

Do you still have questions? If so, please contact our sales team

Send a short e-mail

Send us an e-mail with your general questions. We will get back to you quickly.

Call the new customer support line

Our in-house call centre is on hand to help you from 9:00 am to 5:00 pm Monday to Friday. Germany: +49 (0)6221 43101-00 Austria: +43 (0)1 513 66 33 600

Call the existing customer support line

Should you have any questions regarding current contracts/agreements, our colleagues will be happy to help. Germany: +49 (0)6221 43101-00 Austria: +43 (0)1 513 66 33 669