PSD2 (Payment Services Directive 2)

What is the PSD2 (Payment Services Directive 2)?

PSD2 is an EU directive designed to regulate payment services and promote innovation in the financial sector. It applies to banks, payment service providers (PSPs) and any other company that handles financial data.

For mobile apps providing payment services, such as banking apps, payment applications, mobile wallets and shopping applications that offer payment functionality, PSD2 requires strong customer authentication and secure data transmission.

PSD2 requirements applying to mobile data

Articles 4, 7, 8 and 9

Articles 4, 7, 8 and 9 require strong authentication and a secure execution environment. These two security principles are complementary.

Strong authentication

Financial service providers, including banks, must implement authentication based on a minimum of two factors and a one-time password. Strong authentication also requires keeping the code confidential and preventing fraudulent access.

Mobile endpoints

PSD2 highlights that authentication is reliable only when the communication cannot be intercepted and the sender of the data request is the user, not malware. PSD2 requires securing the execution environment by tracking the security of users' mobile endpoints.

Become compliant with PSD2

PSD2 requires strong customer authentication and a secure execution environment. Financial service providers, including banks, must implement a minimum of two-factor authentication and a one-time password. RASP, or Runtime Application Self-Protection, helps organizations become compliant with PSD2 by detecting and preventing attacks in real time, while the application is running.
