PSD2: Strong customer authentication and need for action for third-party providers
The second EU Payment Services Directive (Payment Services Directive 2 – PSD2) has been in force since January 13, 2018. It obliges banks to set up interfaces to allow third-party providers access to their customers’ account data. Third-party providers are FinTechs and payment service providers that want to initiate payments or view customer account data for their business purpose. Provided that the customer wishes to do so and actively consents, third-party providers certified by the German Federal Financial Supervisory Authority (BaFin) can request account information or initiate payments on the basis of PSD2. The new PSD2 regulations will come into force on September 14, 2019. In addition, the PSD2 provisions on strong customer authentication in electronic payment transactions will also come into force at the same time.
Certification of third-party providers by the accredited SRC certification body
Not just any third-party provider is granted access to customer account information. This privilege – access to account information or the initiation of payments – is reserved for certified third-party providers. By certifying your product/solution for the implementation of “Strong Customer Authentication”, you give your customers and, if applicable, other parties (e.g. authorities) the confidence that the product/solution meets the requirements of PSD2/RTS. Certification serves to increase acceptance and facilitates market access or is intended to make this possible in the first place.
Your SRC certificate – Approved Security!
In this context, SRC’s certification body was accredited by the German Accreditation Body (DAkkS) in accordance with the requirements of the ISO 17065 standard. The DAkkS as the accrediting body and SRC as the certification body are identified by their own logos. The certification of your product/solution includes, in particular, impartial and competent proof that it meets the requirements of PSD2. Your customer can see the product name, the requirements met, the certification body and its basis for accreditation (ISO 17065) on the certificate.