Payment Service Directive (PSD2): End user protection

The Payment Service Directive

The second Payment Service Directive (PSD2) is a directive that aims to strengthen end-user protection while promoting innovative new online banking solutions. The directive was founded in the European Union in 2015 and was adopted in the Danish Parliament in 2018. It comprises a set of rules and requirements (the RTS, among others) for European financial institutions. It applies to banks, payment service providers (PSPs) and any other company that handles banking data.

Precise security obligations

The most important security principle appears among the security measures in Articles 4, 7, 8 and 9 of the RTS: strong and secure authentication.

Strong authentication:

Financial service providers must implement authentication methods that rely on a minimum of two-factor authentication and a one-time password. Furthermore, confidence in the code and the prevention of malicious access are required.

PSD2 highlights the fact that authentication is reliable only when it is ensured that the communication between end user and bank cannot be intercepted and that the sender of the data request is the user themselves, and not malware.

Securing end-to-end authentication

To secure end-to-end authentication, financial institutions must use end-to-end protection methods that protect against interference in communication and fraudulent access, such as man-in-the-browser and man-in-the-middle attacks.

Codesealer's Core, available as a program extension for single pages, provides real-time protection against interception and deception of communication. Core takes the JavaScript on the single page and runs it through an exclusive encryption environment, so that a possible man-in-the-middle attack or any fraudulent behavior would be detected.

The problem and the solution:

PSD2 states the problem: strong authentication is required from financial institutions. Codesealer's products solve part of that problem: ensuring the prevention of malicious attacks in end-to-end communication.

