Definition
The PSU (Payment Service User) is you, as soon as you use a payment service.
As an account holder, you grant or withdraw, at any time, the consent given to the providers (bank, aggregator, fintech) that want to access it.
Why such a generic term
PSD2 needs a neutral word to cover every profile. The PSU can be:
- an individual who uses Bankin' to track their accounts;
- the owner of a small business who connects Pennylane to their Qonto account;
- an SME whose accountant initiates transfers via a PISP app.
The legal status changes (consumer vs business), but the role stays the same: account owner, source of consent.
Your rights as a PSU
- Give explicit, granular consent that is revocable at any time.
- Freely choose an authorised TPP, with no possibility for the bank to object.
- Enjoy free access to AIS and PIS services via your bank.
- Be protected by SCA on sensitive operations.
What you need to understand
- Consent is framed: the scope of the data, the duration and the frequency are all tracked.
- In the event of an unauthorised payment, it is your bank (the ASPSP) that reimburses first, and then turns to the PISP if its liability is engaged.
- You stay in control: an access right is revoked from your banking area, with no need to go through the TPP.
Within the PSD2 ecosystem
The PSU is at the centre of the system: without them, there is no consent, and therefore no access to data and no payment initiation.
Real-world examples
- Individual — aggregation: you connect Bankin' to your BNP account by approving via SCA. You are the PSU, Bankin' the AISP, BNP the ASPSP.
- Business — accounting: your accountant connects Pennylane to your Qonto, but it is you, the business owner, who remains the PSU and gives consent.
- E-commerce — payment: at checkout with Decathlon, you pay via Fintecture (the PISP); it is you, the PSU, who authorises the transfer, with the PISP being merely an intermediary.