Glossary

Comprehensive reference for PSD2 and Open Banking terminology, abbreviations, and technical concepts.

Quick Reference

Most Common Terms
Service Types
Certificates

Essential Terms

Term	Description
PSD2	Payment Services Directive 2 - European regulation for electronic payment services
ASPSP	Account Servicing Payment Service Provider (e.g., banks like Paysera)
TPP	Third-Party Provider authorized to access accounts or initiate payments
SCA	Strong Customer Authentication requiring multi-factor authentication
QWAC	Certificate for secure website authentication under PSD2
OAuth 2.0	Authorization framework for secure API access
AIS	Account Information Service for accessing account data
PIS	Payment Initiation Service for initiating payments

PSD2 Services

Service	Provider Type	Description
AIS	AISP	Access account balances and transactions
PIS	PISP	Initiate payments from accounts
FCS	PIISP	Confirm fund availability
SBS	Various	Sign multiple transactions at once

Certificate	Purpose	Required For
QWAC	TLS client authentication	All API requests
QSealC	Transaction signing	Payment initiation
eIDAS	European identity standard	Certificate issuance

Detailed Definitions

🏛️ Core PSD2 Terms

PSD2 (Payment Services Directive 2)

A European regulation for electronic payment services that aims to increase competition, innovation, and security in the payments industry while protecting consumers.

ASPSP (Account Servicing Payment Service Provider)

The traditional type of Payment Institution, such as banks (e.g., Paysera), with which a PSU (payment service user) holds one or more accounts from or to which the PSU issues payments. Every ASPSP must register under PSD2 as a Payment Institution.

TPP (Third-Party Provider)

An authorized entity that accesses a user's bank account data or initiates payments on their behalf under PSD2, typically offering Account Information Services (AIS) or Payment Initiation Services (PIS).

PSU (Payment Service User)

A Payment Service User is essentially a customer—an individual or a corporate entity—with one or more bank accounts.

PSP (Payment Service Provider)

A general term for providers that offer online services for accepting electronic payments by various methods, including credit/debit cards and real-time transfers.

NCA (National Competent Authority)

A regulatory body responsible for overseeing and enforcing financial regulations within a specific country, including the licensing and supervision of Payment Service Providers (PSPs) and Third-Party Providers (TPPs).

XS2A Interface (Access to Account Interface)

An interface provided by an ASPSP to TPP for accessing accounts.

🔐 Authentication & Security

SCA (Strong Customer Authentication)

A security requirement under PSD2 that mandates multi-factor authentication (e.g., something the user knows, has, or is) to enhance the security of electronic payments and reduce fraud.

OAuth 2.0

An authorization framework that enables applications to obtain limited access to user accounts. Used extensively in Open Banking for secure authentication and authorization.

QWAC (Qualified Website Authentication Certificate)

A digital certificate that ensures secure communication between financial institutions by verifying the identity of websites and encrypting data exchanges, as required under PSD2 regulations.

QSealC (Qualified Electronic Seal Certificate)

A certificate used for signing electronic transactions and ensuring data integrity in PSD2 communications. Required for payment initiation and other sensitive operations.

OCSP (Online Certificate Status Protocol)

A protocol used to verify the revocation status of digital certificates in real-time.

💳 Service Types

AIS (Account Information Service)

AIS allows third-party providers to access a user's bank account data, such as balances and transaction history, with the account holder's consent, enabling financial insights and aggregation services.

AISP (Account Information Service Provider)

An AISP aggregates data relating to a PSU's accounts held across one or many different ASPSPs. AISPs must register under PSD2 as Payment Institutions.

PIS (Payment Initiation Service)

A service that enables third-party providers to initiate payments on behalf of a user directly from their bank account, typically under Open Banking regulations.

PISP (Payment Initiation Service Provider)

Payment Initiation Service Providers are granted permission by a payment service user (PSU) to initiate payments on behalf of that PSU.

FCS (Fund Confirmation Service)

FCS allows a Third-Party Provider (TPP) to verify whether a Payment Service User (PSU) has sufficient funds in their account before initiating a transaction.

PIIS (Confirmation of Funds Service)

It allows a third-party provider (usually a card issuer) to confirm whether sufficient funds are available in a user's account before processing a transaction.

PIISP (Payment Instrument Issuing Service Provider)

An entity that issues payment instruments (such as debit or credit cards) and can verify a user's account balance through the Confirmation of Funds service.

SBS (Signing Baskets Service)

The Signing Baskets Service (SBS) allows users to sign multiple payment or transaction requests in a single authorization process, streamlining approval workflows.

🔄 Authentication Flows

Redirect Flow

An authentication flow where the user is redirected from the TPP application to the ASPSP's authentication page and then back to the TPP after successful authentication.

Embedded Flow

An authentication flow where the PSU provides their credentials directly to the TPP, which then forwards them to the ASPSP. Currently not supported by Paysera.

Decoupled Flow

An authentication flow where the PSU authenticates on a separate device (e.g., mobile app) while the TPP waits for confirmation. Currently not supported by Paysera.

📋 Consent Types

A consent given by PSU to access specific accounts. The TPP must explicitly list which accounts they want to access.

A consent that grants access to all available accounts without explicitly listing them. Can be configured with different scopes like allAccounts or allPsd2.

💸 Payment Products

Domestic Payments

Payments within the same country using local payment schemes.

Foreign Payments

Cross-border payments in foreign currencies.

SEPA Credit Transfers

Euro payments within the Single Euro Payments Area following SEPA standards.

Instant SEPA Credit Transfers

Real-time euro payments within SEPA that are processed within seconds.

Target-2 Payments

Large-value payment system used for euro transfers between European central banks.

Cross-Border Credit Transfers

International payments outside SEPA region.

🏦 Technical Terms

API (Application Programming Interface)

A set of rules and protocols that allows different software applications to communicate and exchange data seamlessly.

BICFI (Bank Identifier Code of a Financial Institution)

An internationally standardized unique identifier for financial institutions used to facilitate secure and accurate cross-border transactions.

Status Codes

📊 Transaction Status Codes

Status	Description
ACCP	AcceptedCustomerProfile - Payment initiation has been accepted for processing
ACSC	AcceptedSettlementCompleted - Settlement on the debtor's account has been completed
ACSP	AcceptedSettlementInProcess - Payment is being processed
ACTC	AcceptedTechnicalValidation - Authentication and syntactical checks successful
ACWC	AcceptedWithChange - Payment accepted but modified
ACWP	AcceptedWithoutPosting - Payment instruction included in the report has been accepted without being posted to the creditor customer's account
CANC	Cancelled - Payment initiation has been cancelled
PART	PartiallyAccepted - Part of the payment is accepted
PATC	PartiallyAcceptedTechnicalCorrect - Payment partially accepted, technically correct
PDNG	Pending - Payment initiation is pending
RJCT	Rejected - Payment initiation has been rejected
RCVD	Received - Payment initiation has been received by the receiving agent

✅ Consent Status Codes

Status	Description
received	The consent data has been received and is being processed
valid	The consent has been accepted and is valid for use
rejected	The consent has been rejected
expired	The consent has expired and is no longer valid
revoked	The consent has been revoked by the PSU
terminatedByTpp	The consent has been terminated by the TPP

Quick Reference​

Essential Terms​

PSD2 Services​

Digital Certificates​

Detailed Definitions​

PSD2 (Payment Services Directive 2)​

ASPSP (Account Servicing Payment Service Provider)​

TPP (Third-Party Provider)​

PSU (Payment Service User)​

PSP (Payment Service Provider)​

NCA (National Competent Authority)​

XS2A Interface (Access to Account Interface)​

SCA (Strong Customer Authentication)​

OAuth 2.0​

QWAC (Qualified Website Authentication Certificate)​

QSealC (Qualified Electronic Seal Certificate)​

OCSP (Online Certificate Status Protocol)​

AIS (Account Information Service)​

AISP (Account Information Service Provider)​

PIS (Payment Initiation Service)​

PISP (Payment Initiation Service Provider)​

FCS (Fund Confirmation Service)​

PIIS (Confirmation of Funds Service)​

PIISP (Payment Instrument Issuing Service Provider)​

SBS (Signing Baskets Service)​

Redirect Flow​

Embedded Flow​

Decoupled Flow​

Dedicated Consent​

Global Consent​

Domestic Payments​

Foreign Payments​

SEPA Credit Transfers​

Instant SEPA Credit Transfers​

Target-2 Payments​

Cross-Border Credit Transfers​

API (Application Programming Interface)​

BICFI (Bank Identifier Code of a Financial Institution)​

Status Codes​

Resources​

📖 Documentation​

🌍 API Versions​

🔗 External References​