What is DSP2?
On 14 September 2019, the next wave of provisions of the second European Directive on Payment Services (DSP2) took effect across the European Economic Area (EEA).
It aims to:
- allow information service providers ('aggregators') to access and collect information about your payment accounts
- authorise payment service providers to make payments
- make your payments safer and more secure
- guarantee your data is better protected
This affects your account, online banking and services such as online card payments.
As a result, our general terms and conditions will be updated to take these regulatory and technical changes into consideration.
What's changing for you
- when you make online card payments, you'll have to confirm your payments more often. This will depend on the merchant and the potential fraud risk of your transaction
- if you’re an online banking customer, you’ll have to log on with your Secure Key at least once every 90 days to access your online banking account. This doesn’t affect Digipass users
- the maximum total for contactless payments overseas is set at €70 (instead of the current €80). In France, the total allowance remains at €80
Your payment rights in Europe
Read the European commission's leaflet about your rights when you make payments in Europe.
Important
- if you allow an aggregator or a payment service provider to access your data, they’ll have access to all your online banking information. They won’t be restricted to your payment account information
- if someone else on your account, such as an additional cardholder, uses an aggregator or a payment service provider, they'll gain access to your accounts. If you’d prefer to avoid this, contact us to block the other user
Synchronise all your bank accounts with your HSBC account. Find out about our Personal Economy(1) app.
Our advice
Do you have a physical Secure Key but mainly check your accounts on your mobile? To enjoy a simpler, faster connection with our app, switch to a digital Secure Key.
To help ensure your online card payments go through, update your phone details. At the same time, check your email and home addresses are up to date.
What's changing for e-merchants
3D Secure activation will be mandatory for all payments made on your ecommerce website with cards issued in the EEA.
Without 3D Secure, online card payments may be rejected. As now, you'll be financially liable even if the transaction would have been authorised.
Our advice
If you haven't activated 3D Secure, contact your payment service provider by 14 September 2019 at the latest.
For payment service providers
Our developer portal enables aggregators and payment service providers to develop products and services that meet the latest European payment standards (DSP2). You’ll find all the information you need and be able to test your application programming interfaces (API).