The digitization of financial services and the advent of open banking have game-changing implications for service providers and consumers alike. Correct compliance with the EU's revised Payment Services Directive, PSD2, is key to the successful transition of online payment service providers (i.e. banks and financial services firms) to API-led connectivity and a more competitive, innovative market. Guardsquare provides security solutions that fit within the Zero Trust security model, safeguard mobile apps against reverse engineering and tampering, and support the implementation requirements of the PSD2 Regulatory Technical Standards (RTS). Our solutions also help establish a secure execution environment, in the sense the RTS uses the term, for processing electronic payments on mobile devices.
The following article sums up what PSD2 means for your apps and business, and how Guardsquare can help with compliance before strong customer authentication (SCA) enforcement becomes mandatory across the EU on December 31st, 2020.
PSD2 changes online payments by giving banks and non-bank third party providers (TPPs) access to consumer bank account information, while (1) enforcing stronger security measures for consumer payments, (2) fostering innovation and (3) encouraging competition among all service providers. Complying with PSD2 enables the optimization and democratization of e-payment services and improves customer experience and retention. Because PSD2 grants new access rights to TPPs and banks, it also imposes stricter security measures on consumer account information.
In short, PSD2 brings two key changes, for which the implementation requirements are defined by the Regulatory Technical Standards (RTS):
Protecting your financial transactions at the app level is an essential part of preventing unauthorized access to your application's services. As the global reference in mobile application security, Guardsquare provides software that protects the SCA implementation and supports a secure execution environment for processing electronic payments on mobile devices.
Our solutions address the PSD2/RTS implementation requirements by applying hardening techniques at critical code locations through:
Each technique contributes to PSD2 compliance through its fulfilment of RTS Articles 4(3)(c), 6, 7, 8, 9, 21(2)(a) and 22(1)(b), as shown below:
As mobile applications become a critical part of financial infrastructure, app security and compliance are imperative for any successful IT security model today, such as Zero Trust. Our software (DexGuard for Android, iXGuard for iOS) helps ensure the overall effectiveness of your IT security architecture by safeguarding the mobile endpoint. Ensuring app and platform integrity, by preventing reverse engineering and tampering, is also vital in meeting multiple points discussed in PSD2.
Our technical solutions address specific PSD2/RTS requirements: obfuscation of the critical code and resources used for unique identification, to prevent replication of the information that uniquely identifies the device; software and platform integrity checks (such as tamper and root/jailbreak detection), to ensure a trusted execution environment; device fingerprinting, so that the device hosting the app cannot be used by an unauthorised person; and SSL/TLS certificate pinning, to protect communication with the backend against eavesdropping or interception by a man-in-the-middle.
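As an added example (not Guardsquare's code and not part of the original article), the following Go program shows the certificate pinning check described above in working form: it derives a pin from a certificate's SubjectPublicKeyInfo, keeps a current pin and a backup pin so that a backend key rotation does not lock users out of the app, wires the check into a TLS client configuration, and rejects an impostor certificate issued for the same hostname. The hostname `api.example-bank.test` and the three self-signed certificates are constructed for the demo; in a real app the pins are computed from the backend's actual certificates and the check is wired into the HTTP client (for instance OkHttp's CertificatePinner on Android or the URLSession authentication challenge delegate on iOS).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns the base64 SHA-256 digest of a certificate's
// SubjectPublicKeyInfo, the pin format used by OkHttp and most iOS pinning
// libraries. Pinning the key instead of the whole certificate survives
// certificate renewals that keep the same key pair.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// PinSet is what the app ships with: the hostname plus the pins of the current
// backend key and at least one backup key, so a key rotation never bricks the app.
type PinSet struct {
	Host string
	Pins []string
}

// Verify has the signature of tls.Config.VerifyPeerCertificate. rawCerts is the
// DER chain the server presented, leaf first; the connection is accepted only
// if some certificate in that chain carries a pinned public key.
func (p PinSet) Verify(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	for _, raw := range rawCerts {
		cert, err := x509.ParseCertificate(raw)
		if err != nil {
			return err
		}
		pin := spkiPin(cert)
		for _, want := range p.Pins {
			if pin == want {
				return nil
			}
		}
	}
	return errors.New("certificate pinning failed for " + p.Host)
}

// PinnedTLSConfig wires the pin check into a TLS client. Go runs
// VerifyPeerCertificate after normal CA chain validation, so pinning is an
// extra check on top of it, never a replacement (InsecureSkipVerify stays false).
func PinnedTLSConfig(p PinSet) *tls.Config {
	return &tls.Config{
		ServerName:            p.Host,
		MinVersion:            tls.VersionTLS12,
		VerifyPeerCertificate: p.Verify,
	}
}

// selfSignedCert builds a throwaway ECDSA P-256 certificate for cn. It is a
// constructed fixture so the example runs offline; real pins come from the
// backend's actual certificates.
func selfSignedCert(cn string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Demo creates three certificates for the same hypothetical hostname: the
// backend's current key, its pre-generated backup key, and an impostor key such
// as an interception proxy would present. It reports the outcome of each check.
func Demo() (currentOK, backupOK, impostorRejected bool, err error) {
	const host = "api.example-bank.test" // hypothetical backend host
	current, err := selfSignedCert(host)
	if err != nil {
		return
	}
	backup, err := selfSignedCert(host)
	if err != nil {
		return
	}
	impostor, err := selfSignedCert(host)
	if err != nil {
		return
	}
	pins := PinSet{Host: host, Pins: []string{spkiPin(current), spkiPin(backup)}}
	currentOK = pins.Verify([][]byte{current.Raw}, nil) == nil
	backupOK = pins.Verify([][]byte{backup.Raw}, nil) == nil
	impostorRejected = pins.Verify([][]byte{impostor.Raw}, nil) != nil
	return
}

func main() {
	currentOK, backupOK, impostorRejected, err := Demo()
	fmt.Println("current key accepted:", currentOK, "| backup key accepted:", backupOK,
		"| impostor rejected:", impostorRejected, "| error:", err)
}
```

The pin check itself is a few lines; the operational part is the backup pin, without which the first key rotation turns pinning into a self-inflicted outage. Note also that the check runs inside the app, so an attacker who can reverse engineer and patch the binary can simply remove it, which is why the article pairs pinning with code obfuscation and integrity checks rather than relying on it alone.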