Frequently asked questions

What is PSD2?
What is the scope of the Directive?
What is the aim of PSD2?
Which are the effects and benefits for the customers?
Is it safe?
Where can I find more information about PSD2?
What do I need to have to access to PSD2 APIs?
How can I access to iCard PSD2 APIs?
Has any API standard been followed?
How are new version of APIs managed?
What is the Developer Portal?
How can I get started using iCard’s Developer Portal?
Where can I find the developer documentation?
How can I register?

What is PSD2?

PSD2 is the new European Directive (2015/2366/EU) which incorporates, complements and substitutes the previous PSD (2007/64/CE), which provided the legal basis for the creation of an EU-wide single market for payment services.

What is the scope of the Directive?

The PSD2 applies to payment services in the European Union. It focuses mainly on electronic payments and does not include, among the others, paper-based payment transactions like cash and cheques.

What is the aim of PSD2?

PSD2 aims to create a single and integrated payment services market, aligning standards for institutional banks and emerging Payment Service Providers (PSPs) and accelerating the digital transformation in payments.

Its main objectives are to:

Contribute to a more integrated and efficient European payments market
Open up payments market to new entrants increasing competition
Promote innovative and internet payment services
Introduce strict security rules for the initiation and processing of of electronic payments and for the protection of consumers’ data

Which are the effects and benefits for the customers?

Authentication processes related to information and transactions must adhere to updated strong authentication requirements.

A significant change is the possibility for customers to allow licensed third party providers (TPP) to access to their online payment account’s information and to initiate payment from their account.

Is it safe?

Customer safety is at the basis of PSD2. No customer data can be accessed any PSP without proper licensing and without having received the customer consent first.

iCard will never give access to third parties access to customer's data without the customer’s specific consent.

Where can I find more information about PSD2?

Here are some useful links:

EU Directive:

https://ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en

https://ec.europa.eu/info/business-economy-euro/banking-and-finance/consumer-finance-and-payments/payment-services/payment-services_en

EBA RTS:

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32018R0389

What do I need to have to access to PSD2 APIs?

In order to access to PSD2 APIs you need:

To have obtained a license from your National Competent Authority (NCA) to operate as a PSP according to the PSD2 regulation (AISP and/or PISP and/or CBPII)
A passport license to other countries if you want to access PSD2 APIs not only in the country where you obtained the license, but also elsewhere
To have a qualified certificates for electronic seals as defined in Article 3(30) of Regulation (EU) No 910/2014 4 or website authentication as defined in Article 3(39) of that Regulation.

How can I access to iCard PSD2 APIs?

At the moment it is possible to access iCard PSD2 APIs in the Sandbox environment with an eIDAS Qualified Website Certificates (QWACs), provided by a qualified trust service provider published in the EU Trusted List Of Trust Service Providers.

It also possible to access to the Sandbox environment with an eIDAS test certificate, provided that the certificate has to be considered trusted by iCard.

Has any API standard been followed?

Our PSD2 APIs are developed according to the Berlin Group API implementation guidelines.

For further information, please, visit the Berlin Group’s website.

We are committed to comply with further national standards and will follow up on this topic, as soon as official news will be available.

How are new version of APIs managed?

When a new version of APIs become available, iCard publish the new version on the Developer Portal. The old version remains available for at least 3 months, then it’s removed. All the registered parties will be informed about the new APIs or the removal of old ones.

What is the Developer Portal?

It’s the iCard’s website where software developers of TPPs can:

Browse the API catalog and discover our APIs
Read about our overall APIs solution
Find out how to use the APIs and download the Swagger documentation
Find documentation about testing facility, or to interact with test environment APIs
Contact our team for support
Manage the own developer team

How can I get started using iCard’s Developer Portal?

To get full access to iCard Developer Portal, the first step is to register here.

We then suggest to read our Getting Started page for further instructions and have a look at our API catalogue.

Where can I find the developer documentation?

The list of the offered APIs is shown in the API catalogue page.

The complete developer documentation about API catalog and related APIs are accessible only after having completed the registration and the following onboarding process, as described in the Getting Started page.

How can I register?

The Organization administrator can go to the Developer Portal registration page, and will be asked to provide the following information:

Company name
Organization Admin E-mail
Password
Password Confirmation

He/she will then receive a confirmation e-mail to activate the account.

Please consider that the first user registering the TPP is by default an organization administrator.