arrow-circle-down arrow-circle-left arrow-circle-up arrow-down arrow-left arrow-line-right arrow-right arrow-up ballon close facebook filter glass lock menu phone play point q question search target twitter

PSD2 (EU Directive on Services de Pagament revised)

Strengthened Authentication of PSD2-SCA Clients

As a consequence of the PSD2 directive of the European Union that affects all clients of banking entities, we have reinforced the verification of your identity so that your online purchases are even more secure.​​​

Conditions for payment services PSD2

On 4 December 2009, the Payment Services Act entered into force. Its main objective was to guarantee that payments made within the European Union, specifically, TRANSFERS, DIRECT DEBITS and payment transactions made by CARD, could be carried out with the same ease, efficiency and security as domestic payments inside Member States. 

Implementation of the Payment Services Act brought important benefits to all European Union citizens; as payments are deposited more quickly, the costs associated with certain transactions could be shared between the originator and the beneficiary. Furthermore, citizens now had a longer period to return bills.

However, the passage of time, the change in our consumption habits, the increase in the use of technologies, the increase in electronic commerce and the search for greater security, has made the payment regulations evolve by the PSD2 (EU Directive 2015/2366 of the European Parliament and of the Council of November 25, 2015 on payment services). Likewise, this Directive was transposed into the Spanish legal system through Royal Decree-Law 19/2018, of November 23, on payment services and other urgent measures in financial matters, repealing, in turn, Law 16/2009, of November 13, with effect of November 25, 2018.​

The main objective of PSD2 is to improve both the security and the convenience of managing payments, especially those made through the Internet. Therefore, now any payment you want to make through an electronic platform with your mobile phone, tablet or computer is much more secure and transparent, and your personal data is further protected.

To make this a reality, a series of security actions and measures have been established that strengthen the identification process, and the necessary communication mechanisms have been defined so that you can grant or withdraw your consent for initiating or executing any payment order whenever you wish.

This European regulation has also brought another series of benefits for all payment service users, such as:

  • If you card is lost or stolen or your card, access code or electronic signature for remote banking is used unlawfully, and transactions are made that were not authorised by you, you are only liable for €50 (fifty euros), instead of the €150 (one hundred and fifty) collected previously.
  • If any payment transaction you make is identified as possibly fraudulent, there is suspicion of fraud or it could pose a security threat, we will contact you immediately to verify the order.
  • For payment transactions made with cards, and under prior authorisation, we will confirm the availability of funds in your account in order to execute or reject the operation. This confirmation will always be made through a secure communication channel, and under no circumstance will the response include your account balance.
  • When we receive a payment transaction ordered by you, as a general rule, it will be executed no later than at the end of the business day following its receipt.

You should also be aware that, with this change in payment regulations, new possibilities have emerged that will allow you to access new and innovative financial services; these will be provided by both traditional financial institutions and other third-party companies:

  • "Account Aggregators," which will enable you to view and consult, in a single setting, all the information on any active accounts you have in any financial institution, including all account transactions.
  • "Payment Initiators," which will allow you to make a payment from your account directly into the account of the business.

In both cases, if you decide to aggregate your accounts or initiate a payment directly through a third party, you must always provide your consent to access your accounts, show their details or manage a payment. Consequently, before you accept the conditions, we recommend that you always read all information in detail, understand what your data will be used for and be sure that you are in a secure environment.

If you want to know more about your rights when making payments in Europe, click on the attached file.

Payment services brochure: rights when making payments in Europe​ >


Information for APIs (Main access mechanism)

The EU directive on payment services, PSD2 (Payment Services Directive 2), allows third-party payment service providers, also known as TPPs (Third Party Payment Service Providers), to access the payment account services of credit institutions under the supervision of the European Banking Authority.

This means that third parties, authorized by their customers, will be able to access their payment accounts in order to start a payment transaction on their behalf and/or recover the status and transactions of the account in order to offer value-added services.

Arquia Banca will offer access to TPPs, through open APIs, to the following services:

  • Payment initiation services: which allow TTPs to initiate a payment order from a bank account that the user has opened in Arquia Banca.
  • Account information services: online services that consolidate all financial data about one or various accounts held by a customer, in a single platform.
  • Confirmation of the availability of funds, enabling TPPs to verify whether the user's payment account contains a specified amount of funds.

TTPs that meet the registration, authorization and supervision requirements of the competent authorities of each State, will be able to access Arquia Banca's APIs, its technical specifications and its testing environment through the following link:

Link to technical specifications


Below you will find the Support contacts depending on the access environment:


Contact details for queries or incidents occurring during the technical setup process in the Sandbox testing environment:

Telephone service: 917282321


Customer service hours: 12x5 (Monday to Friday 8:00 am to 8:00 pm)



Contact details for queries or incidents occurring in the production environment:

Telephone service: 917282321


Customer service hours: 24x7 (Monday to Sunday 00:00 am - 11:59 pm)


TPP will have a service enabled in Arquia Banca for all queries or incidents, in the following email: rsi_psd2@rsi.cajarural.comOpening hours: 24x7 (Monday to Sunday 00:00 am - 23:59 pm).


Below you will find the quarterly statistics published on the availability and performance of APIs and the interface used by their payment service users:

Availability Technical Statistics

Performance Technical Statistics