PSD2 (Payment Services Directive 2) compliance

PSD2 is an EU directive designed to regulate payment services and encourage innovation in the financial sector. It applies to banks, payment service providers (PSPs), and any company handling financial data.
 
For mobile applications offering payment services, such as banking apps, mobile wallets, and shopping apps with payment features, PSD2 mandates strong customer authentication and secure data transmission.

PSD2 requirements applying to mobile data

Articles 4, 7, 8 and 9

These articles require the implementation of strong customer authentication and a secure execution environment. Both principles must work together to ensure reliable, secure access.

Strong authentication

Financial service providers must implement authentication based on at least two factors and a one-time password. To be considered strong, authentication must guarantee code confidentiality and prevent fraudulent access.

Mobile endpoints

Authentication is only reliable if the communication is secure and the data request truly comes from the user, not malware. PSD2 requires securing the mobile execution environment by monitoring the security status of user endpoints.

How to comply

PSD2 compliance requires both strong customer authentication and a secure execution environment.
Runtime Application Self-Protection (RASP) helps financial service providers meet these requirements by detecting and blocking threats in real time, directly within the application.