Demo Free trial Request quote Contact me

PSD2 (Payment Service Directive 2)

Increased requirements for IT security with new EU directive

The new Payment Service Directive (PSD2) became effective on the 14th of September 2019. The aim of the directive is to standardize the market, strengthen customer safety and support technical innovation through increased competition. The new standard requires stronger identity controls, with for example two-factor authentication for online payments.

PSD2 is an updated version of the current payment service directive, PSD. The biggest difference between the two is that banks will now be forced to make their API:s more open and accessible. A result of this is that third party services can use the banks customer data and infrastructure. If the client first authorized it, internet payments can be initiated directly from the client’s bank account. The directive enables for more companies to enter the market and compete with traditional banks.

PSD2 & security requirements

The PSD2 directive imposes new safety requirements in terms of product and system development. Here are some of the requirements:

  • Continuous testing of processes and security systems.
  • Risk assessment – including identification and classification of functions, processes and assets, as well as access control.
  • Processes and functions to continuously monitor business functions, transactions, information assets with correlated measure to identify information leaks, vulnerable code and general known vulnerabilities.
  • Framework for dealing with operative risks and security risks, which should be integrated in the risk management process.
  • Continuity plans and ongoing continuity controls.

Our solution

This is how we help your organization meet the challenges with the PS2D directive.

Challenge:Solution:Description:
Regular testing of security systems and risk assessment.
Vulnerability assessment of networks and systems.
Our Network Scanning and Web Application Scanning services continuously scan your networks and systems for vulnerability that can be used for infringement and sabotage.
Detection of vulnerabilities.Vulnerability assessment of networks and systems.
Our Network Scanning and Web Application Scanning services continuously scan your networks and systems for vulnerability that can be used for infringement and sabotage.