PSD2 and HSM-as-a-Service

PSD2 and HSM as a Service - part 3 - the opportunity for banks

The Revised Payment Services Directive (PSD2) mandates certain changes that has the potential to significantly alter how the payments industry operates in the EU. How can these threats be turned into opportunities for banks and how can HSM as a service help?

This series on PSD2 and HSM as a Service explores the endless possibilities created by a level playing field in the payments industry in the EU. Part 1 explored how PSD2 and HSM as a Service enable this level playing field while Part 2  looked at just a few of the truly endless possibilities that exist for FinTech firms and other third-party entities that can act as AISPs and PISPs.

The benefits of these tools, however, are not only restricted to the new entrants. The incumbent banks can just as well make full use of the opportunities provided by PSD2 and play the role of innovators and entrepreneurs themselves! Good business, after all, is about turning potential threats into profitable opportunities.

Using all that data!

PSD2 mandates banks to open certain APIs and share some very basic information with third party partners and the possibility to initiate transactions. However, in terms of sheer data value, banks have access to a whole wealth of other information. This information can be monetized and used to provide entirely new products to end customers and a better user experience for existing products.

There are endless possibilities of such new or improved products and services. For example, a bank can use online shopping data (with consent) to get valuable insight into customer habits and then package and sell this insight to eCommerce partners. Banks can thus essentially add value to the advisory services that they already provide to their clients. There is also the possibility of offering customers third party services like insurance or real estate services right on the banking portal itself. The necessary KYC and AML checks would already be in place, along with some financial information.

Account Aggregation

PSD2 creates the possibility of having a single-window banking platform. This means that retail and even corporate clients can have all their bank information and balances in a single place and even perform transactions from there. This could lead to tremendous cost saving for business clients operating multiple accounts and really enhance the user experience for retail customers.

These services can indeed be offered by non-bank entities as well, but banks have the advantage of having robust security standards and trusted brands already in place. In the end, the winner would be the one who can offer the best user experience and the best security.

The role of HSM as a Service

PSD2 levels the playing field in some ways but there are other potential hurdles. For example, providing world class security through an on-premises HSM solution can be costly or technically challenging. This is where HSM as a Service comes in. Such services can allow entities to make full use of the security provided by HSMs without having to make significant capital investments or training staff.

Companies can benefit from the scalability and flexibility advantage that cloud services provide without having to compromise on standards.


Many consider directives like PSD2 to be disruptive. But disruption can often be good. By shaking up the market, such disruptive changes allow innovative market participants to create entirely new product offerings or greatly enhance their existing services.

Tools like HSM as a Service can then level the playing field by providing everyone access to industry leading yet cost effective solutions.

About the author

Ulrich Scholten is an internationally active entrepreneur and scientist. He holds a PhD in information technology and owns several patents on cloud-based sensors. His research on cloud computing is regularly published in highly rated journals and conference papers. From 2008 - 2015, he was associated research scientist at the Karlsruhe Service Research Institute (KSRI), a partnership by KIT and IBM, where he researched network effects around web-platforms together with SAP Research.

To find more blog posts related with below topics, click on one of the keywords:

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      About Utimaco's Downloads

      Visit our Downloads section and select from resources such as brochures, data sheets, white papers and much more. You can view and save almost all of them directly (by clicking the download button).

      For some documents, your e-mail address needs to be verified. The button contains an e-mail icon.

      Download via e-mail


      A click on such a button opens an online form which we kindly ask you to fill and submit. You can collect several downloads of this type and receive the links via e-mail by simply submitting one form for all of them. Your current collection is empty.