PSD2 & Open Banking Security Compliance

Financial Services and Banking cyber security solutions

Meet your PSD2 compliance obligations

Payment Services Directive 2 (PSD2) is a fundamental piece of payments-related legislation that came into force in Europe in January 2018. It is the update of the original Payment Services Directive that had the objective of creating a single market for payments within the European Union.

The main aim of PSD2 is to encourage pan-European competition and participation in the payment industry, including from non-banks, and to provide a level playing field by harmonising consumer protection and the rights and obligations of payment providers and users.

PSD2 has links and similarities in some of its goals and clauses to the GDPR for data protection and privacy, such as notifying regulators of certain security breaches within a time-frame.

Download PSD2 Compliance Guide Overview

Organisations that PSD2 applies to

PSD2 applies to existing Payment Service Providers (PSPs), i.e. banks, payment institutions and e-money institutions, and to new FS/Fintech start-ups, retailers and service providers. These new players are divided into two types:

Account Information Service Providers (AISPs)

AISPs are providers that can connect to bank accounts and retrieve information from them. The Payment Service User will authorise the AISP to access their data through a secure connection and download their transactional information.

By definition this group have access to a large amount of personal data and hence will need to factor in the requirements of GDPR as well as their financial sector obligations.

Payment Initiation Service Providers (PISPs)

PISPs can initiate payment transactions directly from bank accounts. Historically, the payer initiated a payment directly through their bank. With PSD2, PISPs initiate payments through the bank’s payment systems and infrastructure on behalf of the payers; they act as a bridge between the payer and the payee.

PSD2 implications for cyber security

PSD2 required the European Banking Authority (EBA) to develop Guidelines on security measures for operational and security risks of payment services. More specifically, PSD2 provides that payment service providers shall establish a framework with appropriate mitigation measures and control mechanisms to manage operational and security risks relating to the payment services they provide.

In fulfilment of this mandate, the EBA has published security and operational risk regulations:

  • Security risk management and governance (which applies to all); and
  • Handling of security incidents (especially major incidents) with defined timescales for reporting and response.

The regulations contain a range of requirements detailed within the guidelines; some are directly security related, and others, such as opening up systems through APIs for third parties, also impose security challenges. Download the infographic to see the areas that the EBA’s security requirements cover.

Download PSD2 Infographic

The latest regulatory requirements, which relate to strong customer authentication and third-party access, became effective in September 2019. You can find details in the UK Financial Conduct Authority’s PDF here.

Achieve PSD2 compliance with Huntsman Security’s PSD2 solution

Measurement of security control efficacy, continuous monitoring, reporting, the ability to handle API or machine-to-machine transaction flows and rapid (automated or system-assisted) incident detection, verification and response are all vital cyber security capabilities for companies bound to the PSD2 regulation.

Huntsman Security’s PSD2 solution can support you in developing your organisation’s alignment to PSD2.

Download the full PSD2 Compliance Guide