What is PSD2?
PSD2 follows the original Payment Services Directive (PSD) that was adopted by the European Union in the year 2009. This regulation breaks the monopoly of banks on their customers’ data and represents an important step towards “open banking”. The new EU regulation directs financial institutions to open up their interfaces and give third-party providers (TPPs) access to customer data. The third parties can use this data to create new and innovative services that enhance the customer experience. This results in new services, such as the initiation of payments directly from an online shop – obviously, with the consent of the account holder or the customer. In short, the new EU directive aims to boost competition in European payments, encourage innovation and make money transfers more convenient and secure.
None of this is new; it has been known for a long time. But things are now getting serious. The deadline to implement PSD2 is only a few days away, and banks have to provide a technical interface, including a test environment, for payment initiation services and access to their customers’ account information. For established financial institutions, the new directive means both opportunity and risk.
The implications – What to keep in mind
The new directive, which is set to revolutionize the payments industry, poses technical challenges to banks. Banks will have to ensure that they have the right infrastructure to support secure data sharing with TPPs across all channels via APIs and other services, while providing a strong authentication solution to secure payment transactions. There is not much time left: by March 14, 2019, financial service providers are expected to provide a PSD2 test environment, and the deadline to be PSD2-compliant, September 2019, is fast approaching.
The requirements are not really new
The challenge of secure data exchange and unique authentication is not new. Many companies outside the banking sector have already implemented this in the past. However, this is the first time that the financial services industry has been forced to interface with third parties. In order to implement the regulatory requirements accurately and on time, banks should rely on a partner who has the necessary expertise from completed customer projects and can implement the PSD2 requirements quickly. cidaas, our Customer Identity and Access Management solution (CIAM), delivers the required functionalities out-of-the-box. A comprehensive feature set ensures PSD2 conformity and the cloud service can be easily integrated into any existing IT landscape.
Secure and seamless authentication with cidaas
Based on the OAuth2 and OpenID Connect standards, cidaas guarantees the secure access to accounts (XS2A) required in the PSD2 context as well as the required SCA – strong customer authentication. cidaas relies on strong multi-factor authentication methods, which also include biometric factors such as face, voice and fingerprint, in its two-factor authentication.
Within the framework of PSD2, special attention must also be paid to data protection regulations. Payment service providers should process customers’ personal data only after obtaining their consent. The respective account-holding organization must check the consents and ensure that they are accessible to and editable by the end customers themselves at any given point in time. By default, cidaas supplies all features necessary for the administration of the consents. Financial institutions can thus obtain and manage the obligatory consents of the customers and at the same time grant access based on their defined preferences.
Are you impacted by the upcoming PSD2 guidelines and still need help implementing them? Please feel free to contact us or start with our free cidaas Freeplan.
Read what Thomas Widmann, CEO of WidasConcepts, has to say about PSD2 and the importance of an identity and access management solution for secure and unique customer authentication.