What is a PISP?

A PISP will be able to initiate payments on behalf of a customer from the customer's account with a bank (the ASPSP).

For example, someone making a purchase online can initiate a credit transfer via a PISP instead of using a debit or credit card. When customers choose this option, they agree to share their bank credentials with the PISP. The PISP then initiates a payment for the customer and the ASPSP will then execute the payment and debit the customer's account.

Under PSD2, a PISP must:

  • Have a PISP licence in their home country, and get passporting rights to operate in other European host countries.
  • Not hold the payer's funds at any time, but only initiate payments in connection with the provision of the payment initiation service.
  • Ensure that the personalised security credentials of the customer are not accessible to any other parties, and that they are transmitted by the PISP through safe and efficient channels.
  • Ensure that any other information about the customer, obtained when providing payment initiation service, is only provided to the payee and only with the customer's explicit consent.
  • Ensure that every time a payment is initiated, communications between all parties are conducted in a secure way.
  • Not store sensitive payment data of the customer. Not request from the customer any data other than that which is necessary to provide the payment initiation service.
  • Not use, access or store any data for purposes other than for the provision of the payment initiation service as explicitly requested by the payer.
  • Not modify the amount, the recipient or any other feature of the transaction.

Every time a payment is initiated, communications between all parties must be conducted in a secure way.

You are leaving the HSBC Commercial Banking website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.