Light Dark
November 9, 2016 By Assaf Regev 3 min read
Banking & Finance
Fraud Protection

The new revised Payments Services Directive (PSD2) is designed to open the market to new forms of regulated payments and has a direct effect on the entire European payment industry. The directive will grant access to customer bank accounts and transaction data to third-party providers via a dedicated set of application program interfaces (APIs).

An Open and Innovative Environment

The original Directive on Payment Services was created in 2009 as a uniform payments directive across Europe. The PSD2, scheduled to be enforced in early 2017, puts greater emphasis on the digital channel as a means of creating a more open and innovative environment for banking customers, while also opening the stage to new third-party providers.

One of the most important parts of the new directive is the access to the account for Payment Initiation and Account Information Services (XS2A). To access the relevant data, Account Information Service Providers (AISPs) may need to use open APIs to request account information and initiate payments from a specified account.

Another stipulation refers to the addition of Payment Information Service Providers (PISPs), which can initiate payment transactions. This is a big change — there are currently only a handful of payment options that can take money from one account and send it elsewhere, such as the Single Euro Payment Area (SEPA).

The PSD2 in Action

Let’s look at a typical online purchase for an example of how the PSD2 might affect consumers and providers alike.

When a customer shops online, instead of entering credit card information, the online retailer will request access to his or her bank account. Once the customer agrees to share those details, he or she will be redirected to the bank’s website to provide the necessary permissions.

This is similar to the way applications request access to a user’s Facebook or Gmail account today. In lieu of sharing his or her banking details with the online merchant, the user will simply grant permissions to the bank to execute online payments on their behalf.

The next time the customer attempts to access the same retailer, he or she may be required to grant the permissions again, or they will stay active until the customer chooses to revoke them.

PSD2 regulations also provide an opportunity for banks and other financial institutions to address digital transformation. The underlying security and an open API platform can help level the playing field between the various players, with the goal of increasing competitiveness and delivering increased value to end users.

Watch the on-demand webinar to learn more about PSD2

Security Versus Convenience — Why Not Both?

PSD2 is designed to foster innovation, enhance transparency and drive competition by enabling new players to enter the financial services industry. It also aims to enhance consumer protection, increase convenience and contribute to a more integrated and efficient European payments market overall.

IBM Trusteer solutions can help organizations step up to the challenges and opportunities presented by the new regulation. These include strong customer authentication, transaction/session signing and enhanced electronic payments. Trusteer supports the development of user-friendly, accessible and innovative means of payment and provides real-time recommendations regarding login attempts, session time out and validity of authentication across both web and mobile.

Additionally, Trusteer Pinpoint Detect works in conjunction with additional products and services to further enhance fraud identification and remediation across many attack vectors. By aggregating and correlating evidence-based threat intelligence, risk-based indicators, behavioral analytics and in-depth fraud information, we can help organizations meet their security demands. This approach allows enterprises to concentrate on providing innovative banking and payment solutions while balancing security and user convenience.

Learn More

To learn more about the challenges and opportunities presented by PSD2, watch our on-demand webinar, “Ready, Steady, GO — PSD2 is Coming” or download the white paper, “The Impact of PSD2 on Authentication and Security in European Financial Institutions.”

 |  |  |  |  |  |  | 
Assaf Regev

More from Banking & Finance
November 7, 2024

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

July 25, 2024

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

March 13, 2024

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature