KuppingerCole Report
Whitepaper
By John Tolbert

Preparing for PSD2 technical requirements using RSA solutions

The Revised Payment Service Directive (PSD2) will drive many changes in technical infrastructure at financial institutions across Europe. Banks and other financial service providers must quickly prepare for PSD2. RSA provides foundational technical capabilities in their SecurID, Adaptive Authentication, Web Threat Detection, and Archer products that can help businesses meet the technical challenges posed by PSD2.
jt@kuppingercole.com

1 Executive Summary

In the European Union, the Revised Payment Services Directive (PSD2) will radically alter the financial services landscape. It has already begun to c ...


2 Highlights

  • EU PSD2 took effect in January 2018
  • The Regulatory Technical Specifications (RTS) govern the implementation of Strong Customer Authentication (SCA ...

3 PSD2: The background and Regulatory Technical Specifications

PSD2 will revolutionize payments and financial services across the EU. PSD2 aims to foster competition in the financial sector, increase transactional ...


3.1 Background and goals of PSD2

The original PSD helped establish the Single Euro Payments Area (SEPA), facilitated cross-border payments, cut fees and increased choices for consumer ...


3.2 Strong Customer Authentication

Clients of financial services must use strong authentication methods to access financial resources. As written, PSD2 defines strong authentication in ...


3.3 Secure Communications

Banks and other account holding institutions must expose APIs for AISPs and PISPs to utilize. AISPs will need to create accounts and read account inf ...


3.4 Market changes and risks

Banks will still hold money and make loans, but new companies are emerging that will also provide services to handle account aggregation and payment m ...


4 PSD2 RTS architecture

Complying with PSD2’s regulatory technical specifications almost certainly means building new capabilities, functions, and features. Correspondingly ...


4.1 SCA

Many CIAM and IAM solutions on the market today support the concept of SCA. Companies that have to comply with PSD2’s SCA provisions must decide whe ...


4.2 Anti-malware capabilities

In Clause 2 of Article 2, PSD2 RTS states “Payment service providers shall ensure that the transaction monitoring mechanisms take into account, a ...


4.3 Secure APIs

Banks have to provide secure APIs for TPPs and other banks to use. Banks have the most work to do here. Almost invariably, banks will have to implemen ...

Figure 1 shows some samples of the kinds of API calls that AISPs and PISPs will make to banks. The API calls are grouped by HTTP POSTs and GETs. Trans ...


5 RSA solutions that can contribute to PSD2 compliant architectures

RSA SecurID Access, RSA Adaptive Authentication, RSA Web Threat Detection, and RSA Archer provide SCA, transactional risk analysis, malware and threat ...


5.1 RSA SecurID Access

RSA makes many identity and security products and services, but perhaps the most recognizable product is the SecurID token. But that is just one of ma ...


5.2 RSA Adaptive Authentication

RSA Adaptive Authentication is a risk-based authentication and fraud detection platform deployed today at over 3,000 organizations. It utilizes the R ...


5.3 RSA Web Threat Detection

RSA Web Threat Detection is a component of the RSA Fraud and Risk Intelligence Suite. It can be deployed on-premises, in the cloud, or run as a multi- ...


5.4 RSA Archer

RSA Archer is an industry-leading GRC platform. It contains a variety of functionally discrete modules and has been extended by a number of third part ...


6 Recommendations

PSD2 is fast approaching, and the RTS will require major technology insertions for many banks and TPPs. IAM/CIAM infrastructure may need to be upgrade ...


6.1 Recommendations for conducting a PSD2 Readiness Assessment

  • Read and understand the text of PSD2 and the latest RTS. Know which sections apply based on your type of business: banks will have the most work to ...

6.2 Recommendations for meeting PSD2’s SCA and API Security Requirements

  • If desired strong authentication options are not available in your current IAM solution, procure and deploy a modern IAM / adaptive authentication s ...


Copyright

©2019 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.
