PSD2 Compliance

One of the key changes that the Revised Payment Service Directive (PSD2) brings is the introduction of new players – the third-party Payment Service Providers (PSPs), such as Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs), this will bring more choices for the end users. For the banks, this is a new challenge, to keep their users (or even attract more users), they must provide customers with not just secure PSD2 compliant but also easy to use solutions.

As the world’s leading supplier and provider of digital security solutions, FEITIAN is providing identification solution to many world leading banks, we can help banks to accomplish PSD2 compliance.


PSD2 Compliance with FEITIAN

To achieve PSD2 compliance, the below two requirement must be fulfilled:

Strong Customer Authentication

One of the key security requirements to achieve PSD2 compliance is the adoption of the SCA for all electronic transactions, under PSD2, two-factor authentication (2FA) will become mandatory, identification result must be based on two (or more) independent of the three factors (a. something you have, such as tokens or mobile devices, b. something you know, such as your PIN, and c. something you are, such as fingerprint, iris, etc.).

FEITIAN Identification solution can provide multiple options for banks to adopt for their 2FA, which includes hardware authenticators (such as OTP tokens, OTP display cards, PKI key fobs, FIDO U2F and FIDO2 security keys) and mobile authenticators (mobile OTP).

Dynamic Linking

Dynamic Linking is a new concept brought by RTS: for payment transactions, the authentication code must be dynamically linked to the transaction details (the transaction amount and the payee), this is to avoid man-in-the-middle attacks, whereby an attacker modifies the transaction amount or the payee after the payer authenticated the with not-dynamic-linked authentication code.