NextGenPSD2 certification

NextGenPSD2 certi­fi­cation | SRC launches audits for XS2A

Are you ready to certify your NextGenPSD2 implementation?

The revised Payment Services Directive (PSD2) requires banks to allow autho­rized third parties access to customer data. These third party payment service providers (TPP) are to be granted access via a programming interface (XS2A) with the customer’s consent. With this data, TPPs will be able to offer innov­ative payment initi­ation and account infor­mation services. The NextGenPSD2 certi­fi­cation promotes the imple­men­tation of a uniform standard.

Most banks and API providers in Europe implement the XS2A interface using the NextGenPSD2 framework of the Berlin Group. This is an open and Europe-wide harmo­nized solution for imple­menting the PSD2 require­ments for the XS2A interface.

The correct imple­men­tation of the XS2A interface relieves the institute from imple­menting a fallback interface solution. The NextGenPSD2 Imple­men­tation Support Program (NISP) offers the partic­i­pants a testing framework with test concept, test case catalog, compliance best practices and test tool require­ments. The imple­menting institute evaluates its own work. As a result, the imple­men­tation is completed. It remains to be seen if this self-assessment will be considered suffi­cient by the super­visory authority (NCA).

Why should you undergo the NextGenPSD2 certification?

The self-assessment of the NextGenPSD2 imple­men­tation already offers a high level of quality. However, different inter­pre­ta­tions of the speci­fi­cation can lead to inter­op­er­ability problems. There is currently no documented agreement between banks and third-party providers on the exact imple­men­tation of the XS2A interface. This increases the proba­bility that the respon­sible super­visory authority of the banks will refuse the exemption from the imple­men­tation of a fallback interface solution.

SRC has extensive and detailed expertise from its involvement in the speci­fi­cation and imple­men­tation of the XS2A interface as part of NISP. On this basis, we have developed the NextGenPSD2 certi­fi­cation for you.

How does the NextGenPSD2 certi­fi­cation process work?

Require­ments for the NextGenPSD2 certi­fi­cation are the test case catalogue, the imple­men­tation profile and the test speci­fi­cation of the imple­menting institute. SRC uses these require­ments to carry out a complete functional, security and perfor­mance audit of the NextGenPSD2 implementation.

Audit Validation

During validation, the imple­men­tation is reviewed with respect to the require­ments of the documentation.

Functional part

In the functional part, the test speci­fi­ca­tions are executed and the results are verified.

Non-functional part

In the non-functional part, the avail­ability of the imple­men­tation (stress test) is deter­mined and evaluated at relevant points.

Security test

In the security test, methods of penetration testing are used. It is evaluated if the imple­men­tation of the XS2A interface offers suffi­cient protection against fraud attempts on customer data and transactions.

The certi­fi­cation is documented in a final report. If all require­ments are at least suffi­ciently fulfilled, the institute receives an SRC certificate. With this certificate, the conformity of the imple­mented XS2A interface can be demon­strated to third parties and the super­visory authority. Based on the first certi­fi­cation, regression audits can be carried out in the future.

SRC consulting services for devel­opment optimization or for creating the test speci­fi­cation can be used to prepare for the NextGenPSD certification.

Why SRC?

As a co-editor of the NextGenPSD2 Framework and the NISP Testing Framework, SRC has a deep under­standing of the NextGenPSD2 standards and all tasks associated with testing. In addition, SRC has many years of experience in devel­oping test environ­ments with many licensed auditors for multiple functional and security evalu­a­tions according to formal certi­fi­cation schemes. As a result, SRC is able to carry out a high-quality audit with manageable effort.

Are you inter­ested in NextGenPSD2 certi­fi­cation? Then please contact us at info@src-gmbh.de.