PSD2 & API

What is PSD2?

Considering rapid changes in online commerce and payment services, the second Payment Services Directive (PSD2) is designed to revolutionize and improve the openness, transparency and security of the payments industry in the European Union. Here at PingPong, we are committed to providing fast and secure payments, so we are pleased to endorse PSD2 and help you to upgrade your online services.

PSD2 Objectives

  • Increase customer security — PSD2 requires Strong Customer Authentication (SCA) using multi-factor authentication in the customer authentication process, which is used to validate the identity of the user of a payment service or a payment transaction.
  • Foster competition and innovation — PSD2 regulates the access by account information service providers (AISPs), payment initiation service providers (PISPs) and card-based payment instrument issuers (CBPIIs) to payment service user (PSU) payment account data held with their account servicing payment service providers (ASPSPs). By making these services regulated, the hope is that lingering concerns about customer security and data protection can be addressed.
  • Secure communication and data exchange — Under PSD2, customers can link their bank accounts to payment-related services provided by third-party service providers (TPPs). Banks are obliged to allow these TPPs to securely access their customers’ accounts by using electronic Identification, Authentication and trust Services (eIDAS) certificates for electronic signatures and electronic seals. TPPs are obliged to obtain the required license and comply with the eIDAS framework.

Learn More

For more information or any other questions about PSD2, please consult the Official Journal of the European Union of 23 December 2015 or the websites of the European Parliament and the Council of the European Union: https://ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en

API Introduction

Here at PingPong we believe that the best way to create value for our customers is through openness and collaboration. So we translated the regulatory compliance, security, and licensing requirements into an end-to-end international payment solution via API services, which allow our clients to access other opportunities around the world via a single API integration with their preferred TPPs.

Our APIs are built in Java, using the Spring framework for high scalability and robustness, and secured via IP whitelisting and SHA-256 hashing. To secure data transferred in our API and ensure maximum convenience for TPPs, we have applied the eIDAS framework, relying on qualified certificates for mutual identification and authentication when establishing a secure communications channel using Transport Layer Security (TLS).

API Service Scope

Our API is designed to be flexible and give you control over how and when you convert currencies, make payments and manage your accounts. The services currently available via API endpoints are:

  • Balance Enquiry
  • Transaction Authorization
  • Access Transaction Records

More API services will be made available in the near future.

API Access Procedure

1.    Pre-Test
Explore our API documentation and dedicated sandbox environment.

2.    Connection
Contact PingPong to help you set up the API connectivity.

3.    Go-Live
Go-live of the API integration.

Our API has been designed with RESTful principles to make integration familiar, easy and quick. You can find the API documentation here.

Purpose of SCA

As remote electronic payment transactions are subject to a higher risk of fraud, Strong Customer Authentication (SCA) needs to be applied. It is a mandatory and crucial rule for European payment institutions, which aims to reduce the likelihood of fraudulent activity taking place and enhance the protection of user information.

SCA Implementation Process

At PingPong, we perform SCA through a two-factor authentication method (2FA) using ‘knowledge’ (something only the user knows, such as a password) and ‘possession’ (something only the user possesses, such as a one-time code generated by a security token or access through a trusted device, such as an SMS).

The SCA process is implemented as below:

1.    Input your account information      
When initiating a payment or accessing account information, customers need to input their login username and password on the screen PingPong displays.

2.    Two-factor authentication      
Customers need to input the verification code or one-time 6-digit confirmation code received via SMS to perform the SCA 2FA process.

3.    Confirm access      
Upon successfully entering the passcode, customers will be authenticated, and the action processed.

You can find a detailed description of the SCA integration in the API documentation, which is published here.

Contact us

In case of questions, do not hesitate to reach out to us via psd2-api@pingpongx-eu.com.

Q: What does PSD2 mean for consumers?

A: PSD2 introduces more competition in the payments industry by allowing non-bank companies to offer new innovative services to their customers, so customers will access and process their personal data and finances more efficiently and transparently. PSD2 also aims to improve the security of payments and make customers less vulnerable to fraud, as well as reduce the cost of payment services by canceling payment surcharges.

Q: Who can access the Open API?

A: Any TPP can access our APIs, as long as:

  • They have registered successfully as TPPs.
  • They have obtained the customer’s consent.

Q: When do I need to implement SCA?

A: At PingPong, customers may need to complete SCA in the following scenarios: a) while consenting to TPPs; b) initiating a payment transaction; c) querying the transaction history; d) supplier account management; e) VAT payment.

Q: What if I am unable to implement SCA?

A: Apart from the given SCA exemptions, if you cannot finish the 2FA authentication process, then no payment will be made and the corresponding transaction will not be processed.

You will either need to re-authenticate via SCA or contact your TPPs or us. Until SCA is implemented successfully, no payment will take place.

Q: How is customers’ personal data protected?

A: Under PSD2, all data processing can only take place with the clear consent of customers, and account holders are able to apply control over the data transmission process. In addition, payment service providers are permitted to access and process the data necessary for the provision of the services customers have agreed to, and they have to inform their customers about how the data will be processed.