PSD2 & open banking: Security and fraud impacts on banks

With the implementation of the revised Payment Services Directive (PSD2), a new era of secure payments begins in the European Union. The new regulation offers enhanced customer protection against fraud, stringent liability and accountability norms, and strong customer authentication features.

PSD2 introduces electronic remote payment transactions based on dynamic linking and new types of payment services that allow customers’ accounts to be accessed via application programming interfaces (APIs).

The directive provides measures to protect the confidentiality and integrity of personalized security credentials. Banks will now be authorized to block third-party access to accounts if they detect unauthorized or fraudulent activity. At the same time, providers who fail to authenticate a transaction appropriately will now be held liable for any resulting breaches.

If you want to learn more about the security impacts of PSD2 & Open Banking, read Accenture's latest Point-Of-View (link below).

LINK to Accenture's PSD2 & Open Banking Security and Fraud Impacts on Banks POV

Michael Poulin

Enterprise/Solution Architect: Integration, Governance, Digital Transformation, Services, Security

7 years ago

"The new regulation offers enhanced customer protection against fraud" - does it really? According to the PSD2 supplement documents, we can authenticate TPP - a person or a company, but we cannot verify during the API request if this entity had been registered with the Authority, at least, Guidelines do not say anything about it. If we use fully automated APIs, we cannot confirm that the Account Holder had been properly authenticated because s/he does not communicate with the Account holding bank as well as we cannot verify if the Account Holder had given his/her consent voluntarily and for this particular API request (i.e. not for one done on his/her behalf a month ago). And so on. Thus, PSD2, as it is today, is full of gaps that only a lazy fraudulent guy would not expose.


Great foundation for our Open Banking & PSD2 Security event between Security solution providers, Fintech actors, Banks and Regulators, April 27th in Brussels. Upfront maybe missing a specific heading on Privacy (but GDPR is included), the NIS directive & Critical Infrastructures impact, identifying a bit deeper the roles of TTP's, man in the middle attacks and capabilities in detecting security incidents (beyond fraud detection). https://mcaf.ee/nbd17p


More articles by Petri Syvänne
