Light Dark
November 9, 2016 By Assaf Regev 3 min read
Banking & Finance
Fraud Protection

The new revised Payments Services Directive (PSD2) is designed to open the market to new forms of regulated payments and has a direct effect on the entire European payment industry. The directive will grant access to customer bank accounts and transaction data to third-party providers via a dedicated set of application program interfaces (APIs).

An Open and Innovative Environment

The original Directive on Payment Services was created in 2009 as a uniform payments directive across Europe. The PSD2, scheduled to be enforced in early 2017, puts greater emphasis on the digital channel as a means of creating a more open and innovative environment for banking customers, while also opening the stage to new third-party providers.

One of the most important parts of the new directive is the access to the account for Payment Initiation and Account Information Services (XS2A). To access the relevant data, Account Information Service Providers (AISPs) may need to use open APIs to request account information and initiate payments from a specified account.

Another stipulation refers to the addition of Payment Information Service Providers (PISPs), which can initiate payment transactions. This is a big change — there are currently only a handful of payment options that can take money from one account and send it elsewhere, such as the Single Euro Payment Area (SEPA).

The PSD2 in Action

Let’s look at a typical online purchase for an example of how the PSD2 might affect consumers and providers alike.

When a customer shops online, instead of entering credit card information, the online retailer will request access to his or her bank account. Once the customer agrees to share those details, he or she will be redirected to the bank’s website to provide the necessary permissions.

This is similar to the way applications request access to a user’s Facebook or Gmail account today. In lieu of sharing his or her banking details with the online merchant, the user will simply grant permissions to the bank to execute online payments on their behalf.

The next time the customer attempts to access the same retailer, he or she may be required to grant the permissions again, or they will stay active until the customer chooses to revoke them.

PSD2 regulations also provide an opportunity for banks and other financial institutions to address digital transformation. The underlying security and an open API platform can help level the playing field between the various players, with the goal of increasing competitiveness and delivering increased value to end users.

Watch the on-demand webinar to learn more about PSD2

Security Versus Convenience — Why Not Both?

PSD2 is designed to foster innovation, enhance transparency and drive competition by enabling new players to enter the financial services industry. It also aims to enhance consumer protection, increase convenience and contribute to a more integrated and efficient European payments market overall.

IBM Trusteer solutions can help organizations step up to the challenges and opportunities presented by the new regulation. These include strong customer authentication, transaction/session signing and enhanced electronic payments. Trusteer supports the development of user-friendly, accessible and innovative means of payment and provides real-time recommendations regarding login attempts, session time out and validity of authentication across both web and mobile.

Additionally, Trusteer Pinpoint Detect works in conjunction with additional products and services to further enhance fraud identification and remediation across many attack vectors. By aggregating and correlating evidence-based threat intelligence, risk-based indicators, behavioral analytics and in-depth fraud information, we can help organizations meet their security demands. This approach allows enterprises to concentrate on providing innovative banking and payment solutions while balancing security and user convenience.

Learn More

To learn more about the challenges and opportunities presented by PSD2, watch our on-demand webinar, “Ready, Steady, GO — PSD2 is Coming” or download the white paper, “The Impact of PSD2 on Authentication and Security in European Financial Institutions.”

 |  |  |  |  |  |  | 
Assaf Regev

More from Banking & Finance
March 13, 2024

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

March 7, 2024

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

January 26, 2024

DORA and your quantum-safe cryptography migration

5 min read - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a "high level of operational resilience" in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings, information and communication technology…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature