Maybe you already have a full grasp of PSD2 and what it means for you and your business? If not, no need to worry. Our security solution is PSD2 compliant!
We put together a short summary of the new regulation to give you an overview of what it’s all about.
What is PSD2?
The EU Payment Services Directive, PSD2, has been submitted by the European Banking Authority (EBA) and regulates how financial institutions and third-party services receive customer data.
PSD2 will allow new players access to consumers’ payment accounts to make payments on their behalf and to provide them with an overview of their various payment accounts. The institutions holding the consumer’s payment account will have to provide these new players with access to the account, for example via an API.
The purpose of PSD2 is to make payments safer, increase consumer protection, and create an environment for innovation and competition on equal terms for all players, both established and new ones.
With PSD2 the aim is to reduce the risk of fraud in electronic transactions by using Strong Customer Authentication, and to enhance the protection of consumers’ data.
Strong Customer Authentication
One of the most important things in PSD2 is the need to perform strong authentication of users of electronic payment services.
For all electronic transactions this means that two or more of the following independent elements must be used:
- Knowledge – Something only the user knows, such as a password or PIN
- Possession – Something only the user possesses, the key material
- Inherence – Something the user is, such as a fingerprint or voice recognition
Strong Customer Authentication will have to be applied each time the user makes a payment, unless:
- The payment amount is less than € 30 (the limit at the moment)
- The beneficiary is already identified
Strong Customer Authentication also has to be applied the first time, and at least every 90 days, that a user consults their payment account, or an aggregated view of their payment accounts, using an additional service.
For secure remote Internet or mobile transactions, you will also need a unique authentication code that dynamically links the transaction to a specific amount and a specific payee.
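One way to build such a dynamically linked code, shown as an added example that is not part of the original page or of the Keypasco Solution: an HMAC-SHA256 over the amount, currency, payee and a single-use challenge. The construction, the shared device key, the sample payee value and the names `canonical`, `make_code` and `Verifier` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal

# Illustrative construction (an assumption, not something PSD2 prescribes):
# code = HMAC-SHA256(device key, amount | currency | payee | challenge)


def canonical(amount: str, currency: str, payee: str, nonce: bytes) -> bytes:
    """Encode the linked fields so equal payments give equal bytes."""
    value = Decimal(amount)
    cents = value.quantize(Decimal("0.01"))
    if value != cents or value <= 0:
        raise ValueError("amount must be positive with at most 2 decimals")
    fields = [str(cents).encode(), currency.upper().encode(),
              payee.replace(" ", "").upper().encode(), nonce]
    # Length prefixes stop one field's bytes from sliding into the next.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def make_code(key: bytes, amount: str, currency: str, payee: str,
              nonce: bytes) -> str:
    """Computed on the user's device after the user confirms the payment."""
    msg = canonical(amount, currency, payee, nonce)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Verifier:
    """Server side: issues single-use challenges and checks codes."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, code: str, amount: str, currency: str, payee: str,
               nonce: bytes) -> bool:
        if nonce not in self.pending:
            return False  # unknown or already used challenge
        self.pending.discard(nonce)  # one attempt per challenge
        expected = make_code(self.key, amount, currency, payee, nonce)
        return hmac.compare_digest(expected, code)
```

The server calls `verify` with the amount and payee it is about to execute, so a code approved for one payment does not validate if either field differs or if the same code is presented twice.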
PSD2 also implies that you have to detect signs of malware infection in any sessions of the authentication procedure.
When does PSD2 apply?
PSD2 applies to all transactions where at least one party is located within the EU, and to all official currencies.
Are you concerned?
This is just the short version. Contact us today for more information. The Keypasco Solution meets all PSD2 requirements and can ensure that your services are PSD2 compliant.