Final rules on PSD2 shifts focus to security
The final recommendations for the second Payment Services Directive (PSD2) have outlined a series of strict rules that would improve security, and have the potential to push for greater innovation.
The European Commission has announced the final regulatory technical standards (RTS) for PSD2. Published on November 27, its recommendations would see screen scraping outlawed, and increase the strength of customer authentication needed to complete a transaction.
|Kevin Bocek, Venafi|
Kevin Bocek, vice president of security strategy and threat intelligence at cybersecurity company Venafi, says: “The ban on screen scraping is perhaps the most significant aspect of the RTS. It will really drive a lot of change.” The ban will hit a number of third party providers (TPP) whose business models are based on the ability to screen scrape. Their systems work by accessing customer’s information and using it in their place, while looking to the bank’s systems as if it was the customer themselves. Now it will be obvious to the bank that it is not the customer who is accessing their account.
Bocek says: “The rules are putting the banks back in control.