A Comprehensive Guide to the Modern Payment Ecosystem: PSD2, PSP, ASPSP, PISP, AISP, CBPII, and Developer Responsibilities

  • Writer: Wise-Pay Team
  • Jan 26

In today’s digital economy, electronic payments are a cornerstone of commerce. From mobile apps and e-commerce platforms to bank transfers and debit/credit cards, the way money moves is undergoing a rapid transformation. This evolution is fueled by modern regulations (like PSD2), the rise of specialized players (e.g., PISPs, AISPs, CBPIIs), and sophisticated payment platforms (like Wise Pay).

This blog post aims to provide a comprehensive overview of all the critical components in the modern payment ecosystem—covering regulatory frameworks (PSD2), the various roles (PSPs, ASPSPs, PISPs, AISPs, CBPIIs), and what it means to be a software developer in this domain.

1. Overview of the Payment Ecosystem

At a high level, the payment ecosystem involves several entities that work together to move money from a payer (customer) to a payee (merchant or service provider). Key components include:

  • Regulations: Ensure security, innovation, and competition (e.g., PSD2).

  • Banks / Financial Institutions: Store customer funds and offer services (ASPSPs).

  • Payment Service Providers (PSPs): Provide technical solutions to process payments.

  • Third-Party Providers (TPPs): Provide specialized services like initiating payments (PISP), aggregating account info (AISP), issuing card-based instruments (CBPII).

  • Customers & Merchants: End users who pay or receive funds.

Below is a quick-reference table of key terms you’ll encounter:

| Term | Definition | Examples / Key Points |
|---|---|---|
| PSD2 | EU regulation that mandates secure, open access to payment account information and payment initiation. | Introduced Strong Customer Authentication (SCA), Open Banking, fosters innovation by requiring banks to open APIs. |
| PSP | Payment Service Provider that offers the technology and infrastructure to accept and process online/offline payments. | Stripe, PayPal, Adyen, Worldpay. Manages transactions, security, fraud prevention, reporting, multi-currency support, etc. |
| ASPSP | Account Servicing Payment Service Provider—the bank or institution that holds a user’s payment account. | Traditional banks (e.g., HSBC, Deutsche Bank), digital-only banks, and e-money institutions. |
| PISP | Payment Initiation Service Provider—initiates payments from a user’s bank account directly, upon user consent. | Used for online bank transfers. Bypasses card networks by connecting directly with the ASPSP’s API. |
| AISP | Account Information Service Provider—aggregates account data across multiple banks for a single user. | Budgeting apps, dashboard that shows balances across different bank accounts, credit cards, etc. |
| CBPII | Card-Based Payment Instrument Issuer—issues card-like instruments linked directly to the user’s existing bank account. | Enables debit-like card solutions without creating a new bank account; must check availability of funds in real time. |
| Merchant | The business that sells goods/services. | Integrates with PSP for payment acceptance. |
| Customer | The individual or entity paying for goods/services. | Uses payment methods (cards, bank transfers, digital wallets). |

2. What Is PSD2?

PSD2 (Payment Services Directive 2)—formally known as Directive (EU) 2015/2366—is a landmark piece of legislation introduced by the European Union to:

  1. Encourage Innovation and Competition

    • Through Open Banking, it obligates banks (ASPSPs) to provide secure APIs to authorized third-party providers (PISPs, AISPs, CBPIIs).

    • This levels the playing field for fintech startups to offer new, competitive services directly connected to bank accounts.

  2. Improve Customer Protection

    • Mandates Strong Customer Authentication (SCA), requiring multi-factor authentication for electronic payments.

    • Increases transparency around fees and exchange rates, enhancing consumer trust.

  3. Enhance Security

    • Requires secure communication protocols between banks and TPPs.

    • Sets guidelines for risk management and fraud reduction.

Real-World Example: A user opens a financial management app (an AISP) to see all of their bank accounts in one place. Thanks to PSD2, the AISP securely fetches the user’s transaction history from multiple banks through open APIs, all with the user’s explicit consent.

3. Payment Service Provider (PSP): The Key Enabler

A PSP is the technology hub that connects merchants with multiple payment methods (cards, bank transfers, wallets, etc.). PSPs handle:

  1. Payment Processing: Authorizing and settling transactions via card networks or direct bank integrations.

  2. Security & Compliance: Meeting PCI DSS standards, preventing fraud, and supporting regulations like PSD2.

  3. Integration & Tools: Offering APIs, SDKs, and plugins for easy integration into websites, mobile apps, and point-of-sale systems.

  4. Reporting & Analytics: Providing dashboards to manage transactions, settlements, refunds, and chargebacks.

Common PSPs include Stripe, Adyen, PayPal, Worldpay, and Braintree, but there are hundreds of regional and specialized providers worldwide.

3.1 Main Actors in a PSP Ecosystem

When a transaction is processed through a PSP, several entities come into play:

| Actor | Role | Interaction |
|---|---|---|
| Customer | Initiates the payment for a purchase or service. | Enters card/bank details at checkout. |
| Merchant | Sells goods/services and integrates a PSP to handle payments. | Sends transaction details to the PSP’s gateway. |
| PSP | Manages the technical flow of payment authorizations and settlements. | Routes transaction data to banks/card networks, mitigates fraud. |
| Acquiring Bank | Works with the merchant to process card transactions and deposit funds into the merchant’s account. | Receives transaction info from the PSP; coordinates with card networks. |
| Card Networks | (Visa, Mastercard, etc.) Provides the infrastructure for routing payment requests between issuers/acquirers. | Defines rules for authorization and handles interchange fees. |
| Issuing Bank | Issues payment cards to customers and approves or declines transactions. | Verifies the customer’s identity, checks account balance/credit limit, and sends response to the merchant/PSP. |
| Regulators | (Local and EU-wide) Oversee compliance with PSD2, AML, SCA, etc. | PSPs must obtain licenses, submit periodic reports, and comply with data privacy regulations. |

4. Breaking Down the Key Entities: ASPSP, PISP, AISP, CBPII

4.1 ASPSP (Account Servicing Payment Service Provider)

  • Definition: The bank or financial institution that holds a user’s payment account.

  • Obligation Under PSD2: Must open secure APIs to regulated TPPs, enabling them to access account data or initiate payments with user consent.

  • Examples: Traditional banks (HSBC, BNP Paribas), digital banks (N26, Revolut), credit unions.

4.2 PISP (Payment Initiation Service Provider)

  • Definition: A TPP that can initiate a payment directly from a user’s bank account.

  • Real-World Usage: Online merchants can let customers pay via bank transfer without the user manually logging into their bank.

  • Security: Must comply with SCA, ensuring every payment is securely authorized by the account holder.

4.3 AISP (Account Information Service Provider)

  • Definition: A TPP that aggregates account information from multiple ASPSPs.

  • Benefit: Gives consumers a consolidated view of their finances—checking account balances, transaction history, and more—across different banks in one interface.

  • Examples: Budgeting apps like Tink, Yolt, or Money Dashboard that require user consent to pull in transaction data from multiple bank accounts.

4.4 CBPII (Card-Based Payment Instrument Issuer)

  • Definition: A TPP that issues a card-based payment instrument linked directly to a user’s bank account.

  • Function: Works like a traditional debit card but is not necessarily issued by the user’s primary bank. Instead, the CBPII checks fund availability through open APIs.

  • Example: A startup offers a “travel card” connected to your main bank account, eliminating the need to move money around manually.

5. Responsibilities of a Wise Pay (or Any Payment) Software Developer

Developing a fintech or payment solution like Wise Pay involves multiple responsibilities spanning security, compliance, scalability, and collaboration. Below is a detailed list of common responsibilities for a Payment Software Developer role:

| Responsibility Area | Key Tasks | Details/Examples |
|---|---|---|
| Design & Development | Collaborate with product managers & architects on system architecture. Implement new features in a clean, testable manner. Adhere to coding standards and review code. | E.g., building user onboarding flows, payment initiation functionalities, or merchant admin dashboards. |
| Payment Integration & Security | Integrate with third-party payment providers/banks. Ensure compliance with PCI DSS, PSD2, and other regulations. Implement fraud detection & prevention measures. | E.g., using tokenization, encryption, and real-time fraud detection tools to minimize risk and secure transactions. |
| System Maintenance & Support | Debug and troubleshoot issues in production. Set up logging, monitoring, and alerting for proactive issue detection. Contribute to CI/CD pipelines for smooth releases. | E.g., identifying and resolving latency issues during peak transaction periods, ensuring near-zero downtime. |
| Collaboration & Communication | Work with QA, DevOps, UI/UX, and compliance teams. Maintain clear, updated documentation and architectural diagrams. Communicate risks and timelines to stakeholders. | E.g., hosting sprint planning sessions, performing peer code reviews, sharing knowledge on Slack or project management tools. |
| Performance & Optimization | Conduct load/stress testing to handle peak volumes. Optimize database queries and caching strategies. Design scalable solutions for future growth. | E.g., implementing sharding or partitioning strategies for transaction data when volumes scale globally. |
| Continuous Improvement | Suggest improvements to Agile/DevOps workflows. Keep updated with industry trends (Open Banking, real-time payments). Mentor junior developers. | E.g., introducing new frameworks or libraries that streamline coding, performing code reviews, or conducting knowledge-sharing sessions with the team. |

6. Bringing It All Together

The modern payment landscape is incredibly dynamic, shaped by regulations like PSD2 and powered by a web of interconnected players—banks (ASPSPs), Payment Service Providers (PSPs), Third-Party Providers (PISPs, AISPs, CBPIIs), and of course, merchants and customers. Understanding each actor’s role is essential for anyone involved in designing, developing, or managing payment solutions.

For developers, the sector offers both challenges and opportunities:

  • Compliance: Navigating PSD2, SCA, PCI DSS, AML, and data protection.

  • Innovation: Leveraging APIs to build seamless user experiences (e.g., one-click bank transfers, aggregated dashboards).

  • Security & Scale: Managing fraud risk, encryption, authentication, and high-volume transaction throughput.

The future will undoubtedly see further evolution—more open APIs, advanced authentication methods (biometrics), and expanded services that empower consumers with greater control over their finances. As a payment software developer, staying abreast of these developments and building robust, user-centric solutions is both a responsibility and an exciting opportunity.

Final Thoughts

Whether you’re a merchant exploring new ways to get paid, a fintech startup looking to disrupt the market, or a developer stepping into the world of payments, understanding PSD2 and the key payment roles (PSP, ASPSP, PISP, AISP, CBPII) is vital. These concepts form the backbone of Open Banking and the broader trend toward a more inclusive, secure, and innovative financial ecosystem.

Have questions or insights? Feel free to share them in the comments section—discussion fosters collective growth in this ever-evolving domain!

 

 
 
 
