PSD2 is important, as it seeks to further modernize Europe’s payment services for the benefit of citizens and businesses. This new directive, which went into effect Sept. 14, 2019, “promotes the development of innovative online and mobile payments, more secure payments and better consumer protection,” states the European Commission.
A cornerstone of PSD2 is the requirement that Payment Service Providers (PSPs) doing business within the European Economic Area use Strong Customer Authentication (SCA). SCA ensures that all electronic payments are performed with multi-factor authentication (MFA) to increase security. The European Commission determined that, in order to protect themselves from online fraud, consumers will have to prove their identity by providing at least two separate elements out of these three:
- something they know (a password or PIN code);
- something they own (a card, a mobile phone); and
- something they are (biometrics, e.g. fingerprint or iris scan).
And while the European Banking Authority is in some cases allowing additional time to reach full compliance, PSPs should do everything possible to ensure that their payment transactions use SCA. The longer they wait, the more opportunities they give for payment fraud to happen.
Appdome Enables PSD2 Compliance and Provides API Protection for Mobile Apps
Appdome makes it easy for banks and other financial services institutions to build strong customer authentication into their mobile banking and mobile payment apps. In addition, Appdome will secure all mobile APIs so that banks and financial services institutions can mitigate the risks highlighted in a September 2019 report from Trend Micro.
- Appdome Mobile Identity lets developers build 2FA, MFA and biometric solutions in their mobile apps. Some of the vendors supported on Appdome are Nexmo Verify, Ping Identity and OneLogin as well as Appdome’s own biometric solution.
- Appdome Mobile Security Suite lets developers encrypt their mobile app data, obfuscate the code and logic of their apps, secure all mobile APIs and harden their mobile banking and mobile payment apps to protect them against all types of mobile threats.
Appdome SecureAPI Protects and Secures Open Banking APIs
The second major principle described in the Regulatory Technical Standards (RTS) under PSD2 is Common and Secure Communication, aka Open Banking. Open Banking was introduced by the European Commission to bring more innovation and competition to the online banking and payments markets. It requires banks to share account details and transactions with third parties such as retailers, FinTech organizations and competing banks through APIs.
The Trend Micro report highlights that APIs are at the heart of Open Banking and points to several security risks of the new Open Banking regulations. These are:
- Attacks on APIs;
- Attacks on the apps or mobile platforms;
- Attacks on FinTech companies;
- Attacks against the user.
Appdome SecureAPI™ mitigates the first two risks and protects and secures Open Banking APIs without developers having to write an additional line of code. Look forward to learning more about our Open Banking solutions in a later blog post.
Recommendations for Banks and Financial Services Institutions
The PSD2 regulations cover any organization that is doing business in Europe or with consumers residing in Europe. As such, just like GDPR, PSD2 has implications for almost every bank and financial institution around the world. Appdome can help make your mobile banking and mobile payment apps PSD2 compliant today! See for yourself and start a free trial of Appdome today.
Come See Us @ Money 20/20!
Appdome is exhibiting at the Money 20/20 conference in Las Vegas, Oct. 28-30. Please visit the Appdome booth 1917 to learn more about how Appdome MobileTRUST can help protect all your mobile banking, mobile payment and mobile commerce apps. Learn how you can use MobileTRUST to ensure PSD2 compliance of your mobile apps and SecureAPI to protect and secure your Open Banking APIs.