Payment Service Directive (PSD2): End user protection
The Payment Service Directive
The second Payment Service Directive (PSD2) is a directive that aims to strengthen end-user protection while promoting innovative new online banking solutions. The directive was founded in the European Union in 2015 and was adopted in the Danish parliament in 2018. The directive spans a set of rules and requirements (the RTS among others) for European financial institutions. It applies to banks, payment service providers (PSPs) and any other company that handles banking data.
Precise security obligations
The most important security principle appears among the security measures in Articles 4, 7, 8 and 9 of the RTS: strong and secure authentication.
Financial service providers must implement authentication methods that rely on a minimum of two-factor authentication and a one-time password. Furthermore, confidence in the code and the prevention of malicious access are required.
The PSD2 highlights the fact that authentication is reliable only when it is ensured that the communication between end-user and bank cannot be intercepted and that the sender of the data request is the user, not malware.
Securing end-to-end authentication
To secure end-to-end authentication, financial institutions must use end-to-end protection methods that protect against interference in communication and fraudulent access, such as man-in-the-browser/man-in-the-middle attacks.
The problem and the solution:
PSD2 states the problem: strong authentication is required from financial institutions. Codesealer's products solve part of that problem: ensuring the prevention of malicious attacks in end-to-end communication.