Definition
The PAO (Payment Account Owner) is the owner of the account that will be debited in a transaction.
The term, used notably in the STET standard, distinguishes the actual payer from the service user when they are two different people.
PAO vs PSU: the distinction that matters
Most of the time, PAO = PSU: the same person owns the account and operates the app. But not always:
- Simple case — you pay online via a PISP: you are both PAO and PSU.
- Payment Request — a merchant requests a payment from its customer via a PISP: the PSU is the merchant (the service user), the PAO is the customer whose account is debited.
- Joint or business account — the PAO can be the legal holder (entity, co-holder), while the PSU is the person who approves.
Distinguishing the two lets the ASPSP know who to authenticate (the PAO via SCA) and who responds to the PISP on the UX side (the PSU).
What characterises the PAO
- It is the legal owner of the account at the ASPSP.
- It is the party that must be authenticated (SCA) to authorise the debit.
- It bears responsibility for the payment once consented.
- Its IBAN is the debtorAccount in the STET / Berlin Group APIs.
What does not characterise it
- It is not necessarily the one who clicks in the app (that is the PSU).
- It does not need a direct relationship with the PISP: its relationship is with its bank (ASPSP).
- It does not receive the money: that is the PR (Payment Recipient).
In the PSD2 ecosystem
The PAO sits at the end of the chain on the funds side: the debit is made on its account, but the experience (in-app consent, approval) can be driven by a different PSU.
Concrete examples
- Merchant Payment Request: a merchant uses Fintecture to send a payment request by SMS or email. The merchant is the PSU, the customer is the PAO.
- B2B collection: GoCardless Instant Bank Pay lets a business (PSU) request an immediate transfer from a customer (PAO), rather than a SEPA direct debit.
- Business account: an accountant uses Pennylane (PSU) to initiate a VAT transfer from your company's account (the PAO).
- Joint account: here the PAO denotes the co-holder whose authentication is required, which is useful to model for family money-management apps.