Question 1

What are account-to-account (A2A) payments and how do they differ from card payments?

Accepted Answer

Account-to-account payments transfer funds directly between bank accounts, without using card networks like Visa or Mastercard. They are typically initiated through open banking APIs or instant payment rails — SEPA Instant, UK Faster Payments, FedNow, Pix, UPI. Compared to card payments, A2A has lower or zero interchange, faster settlement (often seconds rather than days), no chargeback mechanism, and a different fraud profile: once authorised, funds are typically irrevocable. For merchants, A2A removes interchange and chargeback costs but requires real-time fraud controls and recipient verification.

Question 2

What is open banking and how does it relate to A2A payments?

Accepted Answer

Open banking is a regulatory framework that requires banks to expose customer-permissioned APIs for accessing account information (Account Information Services, AIS) and initiating payments (Payment Initiation Services, PIS). In the UK and EU it derives from PSD2 (in force 2018) and the CMA Open Banking mandate; equivalent regimes operate in Australia (CDR), Brazil (Open Finance), and other markets. A2A payments using open banking are initiated by a Payment Initiation Service Provider (PISP) on behalf of the payer, with Strong Customer Authentication delegated back to the payer's bank.

Question 3

What is the EU Instant Payments Regulation and what are its deadlines?

Accepted Answer

The EU Instant Payments Regulation came into force on 8 April 2024. It mandates that every Payment Service Provider in the EU offers SEPA Instant Credit Transfer at parity to standard SEPA: the same charges, full availability, and no transaction-amount limits beyond what applies to standard SCT. Key deadlines: PSPs in the Eurozone must be able to receive instant payments by 9 January 2025 and send them by 9 October 2025; non-Eurozone EU PSPs follow on 9 January 2027 and 9 July 2027 respectively. The regulation also mandates Verification of Payee and daily sanctions screening rather than per-transaction.

Question 4

What is Verification of Payee (VoP) and Confirmation of Payee (CoP)?

Accepted Answer

Verification of Payee is the EU-mandated check that a recipient's name matches the IBAN before a payment is sent — required under the IPR from 9 October 2025 for all SEPA credit transfers, not just instant ones. Confirmation of Payee is the UK equivalent, mandated for major banks since 2020 and progressively extended to smaller PSPs through 2024–2025. Both are designed to reduce Authorised Push Payment fraud and misdirected payments by surfacing a name mismatch to the payer before the transfer is authorised.

Question 5

What is PSD3 and how does it differ from PSD2?

Accepted Answer

PSD3 and the Payment Services Regulation (PSR) are the European Commission's 2023 proposals to replace PSD2, currently moving through trilogue and entering implementation across 2025–2026. PSD3 keeps the AIS/PIS framework introduced by PSD2 but tightens API performance and availability standards, mandates uniform 24/7 uptime levels for ASPSPs, expands SCA exemptions, formalises liability and reimbursement rules for impersonation fraud, and merges payment-institution and e-money-institution licensing into one framework. The PSR is a directly applicable Regulation (rather than a Directive), replacing the operational rules in PSD2 to remove the transposition variance that exists across member states today.

Question 6

How is fraud different in A2A payments compared to cards?

Accepted Answer

A2A fraud is fundamentally different from card fraud because there is no chargeback mechanism — once an authorised push payment leaves an account, recovering it is operationally and legally hard. The dominant fraud type is Authorised Push Payment (APP) fraud, where a victim is socially engineered into authorising a transfer to a fraudster. In the UK, the Payment Systems Regulator's mandatory reimbursement scheme came into force on 7 October 2024 with an £85,000 cap and a 50/50 liability split between the sending and receiving PSPs. For PSPs this requires real-time behavioural fraud detection at the moment of payment initiation, recipient screening, and intelligent friction that does not break the conversion advantage that makes A2A attractive.

Question 7

What's involved in becoming a Payment Initiation Service Provider (PISP)?

Accepted Answer

Becoming a PISP requires authorisation as a Payment Institution from a national competent authority — the FCA in the UK, BaFin / DNB / etc. in EU member states — under the framework of PSD2 and the forthcoming PSD3. The application requires evidence of governance, capital adequacy, anti-money-laundering controls, professional indemnity insurance, and operational risk management. After authorisation, the PISP must be onboarded with each ASPSP (bank) it intends to integrate with, complete the bank's open banking onboarding (typically eIDAS QWAC certificate, OAuth client registration, sandbox-then-production testing), and pass functional and security testing. End-to-end timelines run 9–18 months for greenfield authorisation.

Question 8

How do you scale across multiple bank APIs in the EU and UK?

Accepted Answer

Scaling A2A coverage means integrating with potentially hundreds of banks across the EU and UK, each with subtle differences in their open banking implementations despite the underlying standards (Open Banking UK, Berlin Group NextGenPSD2, STET, the Polish API). Most large-scale PISPs either build a normalisation layer in-house or use an open banking aggregator (Tink, TrueLayer, Yapily, Plaid, Token.io) to abstract away per-bank quirks, with their own service-level monitoring and per-ASPSP fallback logic on top to manage the API quality variance that PSD3 is meant to flatten.

A2A Payments

Industry Challenges

Our Solutions

A2A payments by the numbers

Frequently asked questions about A2A payments

Services We Provide

Solution Design

Custom Rust Development

Relevant Expertise

Let's solve your A2A Payments challenges