PSD2 & API Security

PSD2 & API Security

Oct 1, 2020

What is PSD2 and how is it disrupting the financial landscape?

The second Payment Services Directive (PSD2) is a data-driven legislation introduced by the European Union (EU) in 2015, with which all payment service providers (PSPs) throughout the EU and beyond must comply.

PSD2 expands the scope of 2007’s PSD, a directive implemented to make payments across borders as easy, secure and inexpensive as domestic payments. However, a short eight years later, innovations in technology and the prevalence of fintech have created new challenges for the payments industry to address.

The new directive is already disrupting how consumers manage money as spending data enters the public domain. Traditional and non-traditional financial institutions alike have instant access to everything from a consumer’s monthly commuting costs and favourite coffee shop to their energy and mortgage supplier.

However, following kick-back from the Financial Conduct Authority (FCA) it has become clear that many affected organisations are struggling to meet the legislation’s initial, ambitious compliance deadline of 14th September 2019, which has now been extended by 18 months to March 2021. The delay gives banks and retailers alike a short reprieve to meet PSD2’s timeline for the implementation of Strong Customer Authentication (SCA), which requires certain payments to use two-factor authentication.

This whitepaper will explore the effects of Brexit on PSD2 & API, the security implications of the revolutionary implementation of open banking and determine actions for financial institutions to ensure their consumer data remains secure in this new environment.