European Open Banking and Open Finance Glossary
Open Banking and Open Finance are reshaping the European financial landscape, driving innovation, competition and greater consumer control over financial data. This transformation is underpinned by a sequence of regulatory developments that have progressively expanded how financial data can be accessed and used.
Open Banking was established under the Second Payment Services Directive (PSD2), which came into effect in September 2019. It introduced a framework requiring Account Servicing Payment Service Providers (ASPSPs) to provide regulated Third Party Providers (TPPs) with access to payment account data and payment initiation services, where the user has granted explicit consent. This marked the starting point for secure, API-enabled data sharing in payments.
The regulatory framework is now evolving further through the proposed Third Payment Services Directive (PSD3) and the Payment Services Regulation (PSR). Together, these aim to modernise and strengthen the existing Open Banking regime by improving security, enhancing consumer protection, increasing supervisory consistency across the EU and addressing gaps identified in PSD2 implementation.
Alongside this, the proposed EU Financial Data Access (FiDA) regulation, commonly referred to as Open Finance, represents the next stage in this evolution, extending the principles of Open Banking beyond payments into a broader Open Finance model. FiDA is designed to enable access to a wider range of financial data, including savings, investments, insurance and pensions – again based on the user's explicit consent – to support innovation and more personalised financial services.
In parallel, complementary regulation, such as the EU Digital Operational Resilience Act (DORA), is reinforcing the operational and security foundations required to support this increasingly interconnected financial ecosystem.
This glossary provides a reference guide to the key terms, regulatory concepts and definitions underpinning Open Banking and Open Finance in Europe. It is designed to support a clear and consistent understanding of this evolving payments and data-sharing landscape.
For a full explanation of key Open Banking and Open Finance terms in the European context, see the glossary below.
Card-based authentication protocol.
A regulated entity under PSD2 authorised to access payment account data; considered a precursor to the broader Financial Information Service Provider (FISP) under FiDA.
A PSD2-defined institution (typically a bank) that provides access to customer account data. ASPSPs will act as “Data Holders” under FiDA.
Non-judicial dispute settlement.
A regulatory framework requiring controls to detect and prevent money laundering.
A set of technical rules enabling secure, machine-to-machine communication.
Licensing of PSPs.
A set of procedures ensuring that organisations’ operations remain available during disruptions, outages or crises.
A governance body overseeing and approving controlled changes to FDSS technical components, rulebooks and interoperability standards.
Explicit permission given by a user for data access.
Represents Member States in EU law making.
Terrorist financing controls.
A conceptual mechanism ensuring that authorised PSD2 TPPs/FISPs in one Member State can access data in another.
A consumer’s financial data that can be shared with regulated entities with their explicit consent.
Frameworks and technologies managing user authentication and authorisation in consumer dashboards and consent journeys.
Technical intermediary under FiDA.
Any institution required by FiDA to provide access to financial data, including banks, insurers, pension providers, investment firms and leasing companies.
Limiting data collection.
National privacy regulator.
A GDPR-required assessment conducted for high-risk data processing activities, relevant for FDSS operators due to sensitive personal data flows.
A formal governance framework that sets the rules, standards and processes for how customer financial data is accessed and exchanged under FiDA.
A regulated entity accessing financial data under FiDA; typically a Financial Information Service Provider (FISP).
Commission-adopted rules.
An EU regulation establishing information and communication technology (ICT) risk and resilience requirements.
Broad EU legislation regulating digital platforms.
Department of the European Commission (EC) responsible for policy & legislation on financial services, financial stability, banking, payments, capital markets and sustainable finance.
A cyberattack intended to disrupt service availability.
An organisation authorised to issue electronic money and provide related payment services.
Digital payment transaction.
EU supervisory authority responsible for ensuring effective and consistent prudential regulation and supervision across the EU banking sector.
The central bank of the euro area. It is responsible for managing the euro and conducting monetary policy for the countries that use it.
Executive institution of the EU responsible for proposing EU legislation, implementing and enforcing EU law and overseeing its application.
A secure digital identity solution under eIDAS 2.0 that may play a role in consumer authentication and consent management.
EU supervisory authority responsible for promoting sound regulation and consistent supervision of the insurance and occupational pensions sectors.
Represents the citizens of the Union. Together with the Council, it exercises legislative and budgetary functions.
EU supervisory authority responsible for safeguarding the stability of the EU financial system by enhancing the integrity, transparency, efficiency and orderly functioning of securities markets.
Collective term for the EU supervisory authorities (EBA, ESMA and EIOPA) responsible for financial supervision across the EU.
Jurisdiction issuing PSD3, PSR and FiDA.
Remuneration for data access.
The proposed EU regulation establishing rights and obligations for secure financial data access and sharing across the Union.
A regulated structure under FiDA that governs data-sharing rules, accreditation, directories, interoperability, security and dispute resolution.
The regulated data-user category under FiDA consuming data from financial institutions to power products and services.
High-security API profile used for financial data-sharing flows; relevant for FDSS trust frameworks.
Systems and processes used by financial institutions or PSPs to monitor transactions, detect suspicious activity, prevent fraud and report incidents.
The EU’s central data-protection regulation.
A combined set of processes, boards, rulebooks and decision-making bodies defining and/or operating schemes.
Payee verification requirement.
Technologies and controls managing how users and systems access infrastructure and data.
Legally binding technical specifications developed by the ESAs to ensure harmonised implementation of obligations under the PSD, FiDA and related legislation.
IT systems and infrastructure.
Unique identifier for bank accounts.
The combination of technical, operational and governance standards that enable cross-scheme, cross-border data access.
A structured messaging standard widely used in financial services.
Identity-verification processes required for participant accreditation and onboarding.
A globally recognised identifier used to uniquely reference regulated firms during accreditation and directory listings.
Capabilities for tracking performance, uptime, anomalies and security events.
A protocol enabling mutually authenticated connections between participants and services.
National financial supervisor responsible for supervising regulated organisations in its Member State.
EU cybersecurity directive establishing mandatory risk, incident response and reporting obligations.
Publishes adopted EU legislation.
Digital dispute platform.
A modern protocol for secure authorisation flows used in financial data exchanges.
European PSD-based data access to payment accounts.
Broader data-sharing framework under the proposed Financial Data Access (FiDA) regulation.
An identity layer built on OAuth2 enabling secure authentication in consumer and business journeys.
Delegation of operational functions to third parties.
Cross-border service provision under PSD and FiDA.
Account used for payment transactions.
A PSD2 entity authorised to initiate payments on behalf of users.
Regulated entity providing payment services.
Consumer or business using services.
EU legislative framework regulating payment services.
The regulatory successor to PSD2, establishing directly applicable rules for payment services, including API access, fraud prevention and consumer protection.
Interface to manage user consents under PSD and FiDA.
Personal data protected under the European GDPR.
Binding regulatory technical rules adopted under the Payment Services Directive.
Under FiDA, the entity responsible for governing, managing and enforcing the FDSS rulebook and operational processes.
Under FiDA, the entity that legally establishes the Financial Data Sharing Scheme (FDSS) and holds ultimate accountability for its strategic direction, purpose and regulatory compliance.
Current regime governing payment services and open banking, soon to be superseded by PSD3 and the PSR.
A tool used within the FDSS SOC to log, analyse and identify suspicious or anomalous behaviour.
A payment scheme enabling non-urgent euro credit transfers to be executed between payment accounts in the Single Euro Payments Area (SEPA), based on common standards and processing rules.
A payment scheme that allows credit transfers in euros to be executed within seconds, with funds made available to the payee immediately, at any time of day, every day of the year.
A harmonised payments area in which euro credit transfers and direct debits are executed under common rules, standards and infrastructure, enabling cross-border payments to be treated the same as national payments.
Common data formats.
Multi-factor user authentication based on two or more elements categorised as knowledge, possession and inherence. The elements must be independent, in that the breach of one does not compromise the reliability of the others, and the mechanism must be designed to protect the confidentiality of the authentication data.
A regulated entity authorised to access payment account data or initiate payments under PSD2.
Upcoming directive of the European Union establishing rules for the authorisation, supervision and operation of payment service providers and for the execution of payment services, focusing on licensing, supervision and fraud.
Disclosure obligations.
An authentication mechanism in which access is granted only after successfully presenting two independent authentication factors from different categories.
An unauthorised or fraudulent payment transaction.