Payment Services Directive (PSD2) Solutions

PSD2 and Open Banking bring speed, flexibility and choice to existing banking functions for consumers — and they will clearly lead to entirely new sets of products and services. Banks looking to capitalize on PSD2 opportunities need to think about how to position themselves in the market to offer a comprehensive solution to their customers.  

The foundation for PSD2 enablement and open banking success is trusted identity. Ask us to demonstrate how efficient and easy can be to place a strong identity on your customer’s phone that lives within your mobile banking app. Consumers can use this single trusted identity to verify transactions, make online and mobile purchases, move money between accounts, access self-service kiosks, interact with ATMs and more. When consumers rely on the trusted identity you provide, your brand and your identity become the center of the consumer’s expanding financial ecosystem — while ensuring a secure experience. Our solutions allow you to extend trusted identity to more than your customers. Every person or machine that’s part of your digital ecosystem requires a trusted identity to ensure both security and great customer experiences. This means issuing trusted identities to employees, apps, networks and, eventually, devices connected to an Internet of Things (IoT) ecosystem.

These two critical initiatives seem to be at odds. PSD2 advocates for sharing customer data, while GDPR promises severe financial consequences for organizations that violate consumer data privacy regulations. While it seems there will be more direct guidance coming from governing bodies in the future, banks must — for the time being — balance both requirements using their best judgement. This means that banks should avoid a separate or siloed approach to their GDPR and PSD2 implementations. Approach them as a unified initiative and develop a single framework that simultaneously makes customer data available, yet protects that same data from being compromised by hackers. For help with this important balancing act, our product specialist are available to help you.

 Transparent and friction less user experience

A key PSD2 requirement is Strong Customer Authentication (SCA). Because usernames and passwords don't provide sufficient security, the new directive calls for two-factor authentication for all electronic transactions. Our authentication solutions help you enable your PSD2 requirements — and they ensure a transparent and friction less user experience.


Two-Factor Authentication

The use of two independent authentication methods is mandated. If one of the methods involves a smart phone or other mobile device, security measures are required to ensure that the device being used has not been compromised. Our solutions offer the widest range of authenticators, suitable for every different customer need, including mobile and adaptive authentication options that ensure truly friction less experiences for end users

Transaction Monitoring & Fraud Prevention

PSD2 mentions the need for transaction monitoring software that analyzes risk as transactions are taking place. Our fraud prevention solutions enable fraud prevention tools with adaptive capabilities. Factors such as payment amounts, known fraud scenarios, payer/payee locations and device reputation are used to allow, challenge or stop transactions.

Dynamic Linking

Hackers have learned to insert themselves into the middle of legitimate electronic transactions after they’ve been initiated — which has created the need for dynamic linking. Our solutions link the authentication codes to specific transaction amounts and payees. If either the amount or the payee changes during a transaction, a new code is issued. Our solution — which can feature OTP codes, mobile push notifications or other authenticators — also provides a highly secure channel for transactions to be conducted.

Runtime Application Self-Protection (RASP)

The proliferation of mobile payment apps creates new opportunities for hackers. Our solutions detect anomalous behavior and block compromised apps from executing any further operations. Only authorized requests from server will be executed by the app. Even if a fraudulent entity “fools” the app into signing a transaction, the verification will fail.