Payment Initiation Service (PIS)

What Is a Payment Initiation Service?

A Payment Initiation Service (PIS) is a regulated financial service that allows a licensed third party, known as a Payment Initiation Service Provider (PISP), to initiate a payment order from a user's bank account on their behalf. Rather than paying with a card number, the customer authorizes a direct bank transfer through their own bank's authentication interface, and funds move from the payer's account to the merchant's account without passing through a card network.

The legal framework for PIS was established by the EU's Revised Payment Services Directive (PSD2), which came into force in 2018. Article 4(15) of PSD2 defines PIS as "a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider." This directive required banks across the EU and EEA to open their payment infrastructure to licensed third-party providers via APIs.

In practice, PIS powers the "Pay by Bank" option increasingly visible at online checkouts. It represents the open banking approach to payments: instead of relying on card rails that were designed in the 1960s, PIS leverages modern bank APIs to move money directly between accounts.

How It Works

A PIS-initiated payment follows a five-step flow. The entire user-facing process typically completes in under 45 seconds:

1. The customer selects "Pay by Bank" at checkout. The merchant's application calls the PISP's API with the payment amount, currency, payee details, and a reference.
2. The customer chooses their bank from a list provided by the PISP. The PISP generates a redirect URL or deep link to the customer's bank.
3. The customer authenticates via Strong Customer Authentication (SCA) at their bank, providing two of three factors: something they know (password or PIN), something they have (mobile device or token), or something they are (biometrics).
4. The customer reviews the pre-filled payment details within their bank's trusted interface and confirms. The bank executes a credit transfer via the underlying payment rail (such as SEPA Credit Transfer in Europe or Faster Payments in the UK).
5. The bank confirms execution to the PISP, which relays the payment status back to the merchant. With SEPA Instant Credit Transfer, funds arrive in the payee's account in under 10 seconds.

A critical detail: the PISP never holds or touches the customer's funds at any point. PSD2 Article 66 explicitly prohibits PISPs from holding payer funds during service provision. The PISP only transmits the payment instruction; the bank executes it.

API Standards

Three major API standards govern how PISPs communicate with banks across Europe:

• Berlin Group NextGenPSD2: the dominant European standard, implemented by over 75% of European banks. The current version (v1.3.16, published December 2025) supports single, bulk, future-dated, and recurring payments. Data models are based on ISO 20022.
• Open Banking UK (OBIE Read/Write API): the mandated standard in the UK, using Financial-grade API (FAPI) security profiles. Supports domestic payments, scheduled payments, standing orders, and international payments.
• STET: developed by France's central clearing house and adopted by major French banks. Built on REST, OAuth2, and ISO 20022, with plans to converge with the Berlin Group standard.

A Simplified API Flow

While specific implementations vary by standard, the core API interaction follows this pattern:

// 1. PISP creates a payment consent with the bank (ASPSP)
POST /payments
{
  "instructedAmount": { "currency": "EUR", "amount": "49.99" },
  "creditorAccount": { "iban": "DE89370400440532013000" },
  "creditorName": "Merchant Ltd",
  "remittanceInformation": "Order #12345"
}

// 2. Bank returns consent ID + redirect URL for SCA
{
  "paymentId": "pmt-abc-123",
  "status": "RCVD",
  "_links": {
    "scaRedirect": "https://bank.example/authorize?payment=pmt-abc-123"
  }
}

// 3. After customer authenticates, PISP checks status
GET /payments/pmt-abc-123/status
{
  "transactionStatus": "ACSC"  // AcceptedSettlementCompleted
}

PIS vs. Card Payments

PIS fundamentally changes the cost structure and settlement dynamics of merchant payments. The differences are significant:

US merchants paid $187.2 billion in card swipe fees in 2024 on over $11.9 trillion of payments. PIS-based "Pay by Bank" can reduce those costs by 40-85%, which explains the rapid adoption curve. For a deeper comparison of traditional and emerging payment rails, see the research article on card network economics.

Regulatory Framework

PSD2 (2015-2025)

PSD2 created the legal category of PISPs as licensed Third Party Providers (TPPs). Key regulatory requirements include:

• PISPs must be authorized as Payment Institutions by their national competent authority, with a minimum initial capital of EUR 50,000
• PISPs must hold professional indemnity insurance to cover liability
• Banks must treat payment orders from PISPs without discrimination versus orders placed directly by the payer
• PISPs cannot request, access, or store data beyond what is necessary to provide the payment initiation service
• PISPs cannot modify transaction amounts, payees, or other transaction features

PSD3 and PSR (2026-2028)

The European Parliament and Council reached provisional agreement on PSD3 and the Payment Services Regulation (PSR) in November 2025, with publication expected by mid-2026. Key changes relevant to PIS:

• PSD3 and PSR merge PSD2 and the Electronic Money Directive (EMD2) under a single framework
• Open banking APIs receive more prescriptive performance requirements, with national regulators empowered to act against non-compliant bank interfaces
• Payee-name verification becomes mandatory: banks must check that the payee name matches the IBAN, with provider liability for misdirected funds
• Impersonation fraud protections: transactions manipulated by fraudsters are treated as unauthorized, triggering full reimbursement
• The EU Instant Payments Regulation (adopted March 2024) requires all EU banks to support SEPA Instant transfers by October 2025, ensuring PIS-initiated payments benefit from sub-10-second settlement across the eurozone

Adoption and Market Data

The UK leads global PIS adoption. As of July 2025, the UK had 15.16 million open banking users (nearly one in three adults), with 351 million open banking payments processed in 2025, a 57% increase year-on-year. PIS API calls grew 53%, more than double the growth rate of Account Information Services.

Brazil has seen explosive growth, with PIS API calls growing 194% in 2024 and reaching 159 million transactions. Over 80% of participating Brazilian banks support PISP functionality. In the EU, 94% of licensed banks comply with PSD2 open banking APIs, and the global open banking market was valued at $35.3 billion in 2025 with a projected 20.8% annual growth rate.

Payment initiation services account for the largest revenue share (37.8%) of the overall open banking market, surpassing account information services. For more on how open banking is reshaping payments globally, see the research on the global state of open banking.

Use Cases

E-Commerce Checkout

The primary use case for PIS is online checkout. Merchants embed a "Pay by Bank" option alongside card and wallet payments. The customer selects their bank, authenticates in their banking app, and is redirected back to the merchant with a payment confirmation. No card details are entered, no account numbers are typed manually. The merchant receives instant (or near-instant) confirmation and, with instant rails, same-second settlement.

Recurring and Subscription Payments

Variable Recurring Payments (VRP) extend PIS to support subscription-like mandates. The customer authorizes a third party to initiate multiple payments within agreed parameters (maximum amount, frequency, duration) without requiring repeated SCA for each transaction. In the UK, VRPs already account for 16% of open banking transactions as of 2025, with commercial VRP expected to expand to utilities, financial services, and government payments.

Bill Payments and Invoicing

Businesses use PIS to embed payment links in invoices. Instead of asking customers to manually set up a bank transfer (entering IBANs, references, and amounts), the customer clicks a link, authenticates with their bank, and the pre-filled payment executes. This reduces errors, speeds collection, and eliminates the reconciliation burden of manual transfers.

Cross-Border Payments

PIS-initiated SEPA transfers enable low-cost cross-border payments across 36 European countries. When paired with SEPA Instant, these transfers complete in seconds at a fraction of card network costs. For broader context on emerging A2A corridors, see the research on the A2A payments revolution.

The Bitcoin Parallel

PIS and Bitcoin share a core architectural principle: both are push payment systems where the payer authorizes and sends funds, rather than pull payment systems where merchants withdraw from accounts. Both eliminate card networks as intermediaries. Both achieve payment finality without chargebacks.

The difference is in the settlement layer. PIS relies on bank infrastructure and regulatory mandates to ensure access. Bitcoin and Layer 2 networks like Spark provide instant settlement on a permissionless rail, where no central authority can revoke API access or impose geographic limitations. For merchants, both approaches reduce costs compared to cards, but Bitcoin-based payment initiation works globally without requiring bank-by-bank API integration or regional regulatory frameworks.

Risks and Considerations

Limited Consumer Protections

Because PIS-initiated payments are irrevocable push payments, consumers lose the chargeback protections that card payments provide. If a merchant fails to deliver goods, the customer cannot reverse the payment through the bank. While this benefits merchants (no chargeback fraud), it shifts risk to consumers. PSD3 addresses some of this with enhanced impersonation-fraud protections, but the fundamental irrevocability remains.

Authorized Push Payment (APP) Fraud

APP fraud, where customers are socially engineered into authorizing payments to fraudsters, accounts for 74% of all open banking fraud cases in the UK. Because the customer genuinely authenticates the payment via SCA, banks have historically disputed liability. PSD3 and the PSR introduce stronger protections, treating impersonation-manipulated transactions as unauthorized and requiring provider reimbursement when users report to police.

Bank API Reliability

PIS depends entirely on bank APIs being available and performant. Downtime, slow response times, or inconsistent authentication flows at the bank level directly impact the checkout experience. While PSD2 requires banks to provide dedicated interfaces, the quality and reliability of those interfaces varies significantly. PSD3 introduces more enforceable performance requirements to address this gap.

Geographic Fragmentation

Despite standardization efforts, PIS implementations differ by country, API standard, and bank. A PISP operating across Europe must integrate with multiple standards (Berlin Group, OBIE, STET) and handle national variations in authentication flows, payment types, and error handling. This fragmentation increases integration complexity compared to the globally interoperable card networks.

Limited Reach Outside Europe

PIS as a regulated framework is primarily a European construct. While similar concepts exist in other regions (Pix in Brazil, UPI in India, FedNow in the US), there is no global equivalent to PSD2 mandating bank API access. Merchants serving global customers still need card acceptance alongside PIS. The real-time payments landscape provides broader context on regional payment modernization efforts.

This glossary entry is for informational purposes only and does not constitute financial or investment advice. Always do your own research before using any protocol or technology.