What do you need to become PSD2 compliant?

Author: Thomas Bröker

Posted on October 8, 2018

PSD2 took effect earlier this year. (Don’t know what PSD2 is? Read our dedicated blog post.) As a business, you might be wondering what exactly you will need to become PSD2-compliant. Although the exact legislation may differ slightly across EU member states, the ground rules are all the same. We will set out some of the main requirements for you here.

What has changed?

The main change PSD2 has introduced is that banks and account-holding institutions must provide secure access to their accounts through APIs. The purpose of the directive is to enable external service providers, the so-called Third Party Providers (TPPs), to offer information and payment services directly to consumers. This change will open up the European financial services market, making it more integrated and more efficient.


Who will be affected by PSD2?

PSD2 will affect almost anyone dealing with (digital) financial services. The impact, however, will differ depending on your perspective. Financial services providers will see new opportunities opening up as they can qualify as Third Party Providers (read more about the opportunities for TPPs in our dedicated article). Businesses that are currently using (bank-owned) payment or information services could obtain a TPP license to take these services in-house and reap the benefits of a range of insights based on payment behavior. For banks, PSD2 will mean increased competition from non-banking institutions for payment and information services, as well as the need to create APIs to give external service providers secure access to accounts. However, banks can choose to get in on the action by becoming TPPs themselves, allowing them to retain and improve their customer relationships by competing with external providers. Consumers will benefit from more innovative payment and financial services, and thanks to the more competitive market, prices for these services should drop.

Compliance checklist

For banks and account-holding institutions:

  • Create APIs to access transactional payment data that support:
      - Strong Customer Authentication (multi-factor and continuous authentication)
      - User behavioral analytics
      - Fine-grained access control
      - Real-time access
      - Fraud monitoring
  • Provide Access to Account (XS2A)
  • Set up a Consumer Identity and Access Management (IAM or CIAM) solution
  • Implement and manage network and API security infrastructure including:
      - Firewalls
      - Intrusion detection
      - Web application firewalls
      - Client authentication and authorization services
      - Trust management solutions

For TPPs:

  • Obtain a PISP or AISP license
  • Establish a framework of trust with banks and account-holding institutions
  • Build secure applications featuring:
      - User consent
      - Fine-grained access control
      - Fraud monitoring
  • Implement a Consumer Identity and Access Management solution to facilitate:
      - User behavioral analytics
      - Strong Customer Authentication (multi-factor or continuous authentication)
      - Know Your Customer
      - Anti-money laundering initiatives

How can Onegini help?

Onegini offers a CIAM platform you can use to start a TPP or become PSD2-compliant. Aside from offering a range of features to facilitate PSD2 compliance, Onegini Connect also allows you to create a tailor-made, frictionless login and authentication experience for your customers. This can give you a significant competitive advantage: on a technical level you will find it much easier to collaborate with partners (banks or TPPs), and consumers will love the seamless user experience.

 

Table columns: Banks, TPPs, Supported by Onegini Connect

  • XS2A
  • Multi-factor authentication
  • User behavioral analytics
  • ISO 27001 certification (Coming soon)
  • Customer onboarding
  • A flexible platform with many integrations


Get started on your PSD2 compliance today 

Not sure how to go about becoming PSD2-compliant? We’re always happy to advise you on the best way forward, even if that doesn’t include our platform (although we are sure we can offer you great added value!). So please feel free to contact us for a no-strings consultation via the form below!

 
