November 9, 2016 By Assaf Regev


The new revised Payments Services Directive (PSD2) is designed to open the market to new forms of regulated payments and has a direct effect on the entire European payment industry. The directive will grant access to customer bank accounts and transaction data to third-party providers via a dedicated set of application program interfaces (APIs).

An Open and Innovative Environment

The original Directive on Payment Services was created in 2009 as a uniform payments directive across Europe. The PSD2, scheduled to be enforced in early 2017, puts greater emphasis on the digital channel as a means of creating a more open and innovative environment for banking customers, while also opening the stage to new third-party providers.

One of the most important parts of the new directive is the access to the account for Payment Initiation and Account Information Services (XS2A). To access the relevant data, Account Information Service Providers (AISPs) may need to use open APIs to request account information and initiate payments from a specified account.

Another stipulation refers to the addition of Payment Information Service Providers (PISPs), which can initiate payment transactions. This is a big change — there are currently only a handful of payment options that can take money from one account and send it elsewhere, such as the Single Euro Payment Area (SEPA).

The PSD2 in Action

Let’s look at a typical online purchase for an example of how the PSD2 might affect consumers and providers alike.

When a customer shops online, instead of entering credit card information, the online retailer will request access to his or her bank account. Once the customer agrees to share those details, he or she will be redirected to the bank’s website to provide the necessary permissions.

This is similar to the way applications request access to a user’s Facebook or Gmail account today. In lieu of sharing his or her banking details with the online merchant, the user will simply grant permissions to the bank to execute online payments on their behalf.

The next time the customer attempts to access the same retailer, he or she may be required to grant the permissions again, or the permissions will stay active until the customer chooses to revoke them.

PSD2 regulations also provide an opportunity for banks and other financial institutions to address digital transformation. The underlying security and an open API platform can help level the playing field between the various players, with the goal of increasing competitiveness and delivering increased value to end users.

Security Versus Convenience — Why Not Both?

PSD2 is designed to foster innovation, enhance transparency and drive competition by enabling new players to enter the financial services industry. It also aims to enhance consumer protection, increase convenience and contribute to a more integrated and efficient European payments market overall.

IBM Trusteer solutions can help organizations step up to the challenges and opportunities presented by the new regulation. These include strong customer authentication, transaction/session signing and enhanced electronic payments. Trusteer supports the development of user-friendly, accessible and innovative means of payment and provides real-time recommendations regarding login attempts, session timeout and validity of authentication across both web and mobile.

Additionally, Trusteer Pinpoint Detect works in conjunction with additional products and services to further enhance fraud identification and remediation across many attack vectors. By aggregating and correlating evidence-based threat intelligence, risk-based indicators, behavioral analytics and in-depth fraud information, we can help organizations meet their security demands. This approach allows enterprises to concentrate on providing innovative banking and payment solutions while balancing security and user convenience.

Learn More

To learn more about the challenges and opportunities presented by PSD2, watch our on-demand webinar, “Ready, Steady, GO — PSD2 is Coming” or download the white paper, “The Impact of PSD2 on Authentication and Security in European Financial Institutions.”
