PSD2: Strong customer authentication and the need for action for third-party providers
Since 13 January 2018, the second EU Payment Services Directive (PSD2) has been in force. The directive requires banks to set up interfaces to enable third-party providers to access their customers’ account data. Third-party providers are FinTechs and payment service providers that initiate payments or access customer account data for their business purposes. Provided that the customer wishes and actively consents to this, third-party providers certified by the German Federal Financial Supervisory Authority (BaFin) can query account information or initiate payments on the basis of the PSD2. The new PSD2 regulations will come into force on 14 September 2019. In addition, the PSD2 requirements on strong customer authentication in electronic payment transactions will also come into force.
Certification of third-party providers by the accredited SRC Certification Body
Not every third-party provider is granted access to customer account information. This privilege — access to account information or initiating payments — is reserved for certified third parties. By certifying your product/solution to implement “Strong Customer Authentication”, you are giving your customers and other stakeholders (e.g. authorities) confidence that the product/solution meets the requirements of PSD2/RTS. The certification serves the higher acceptance and facilitates the market access as well as making it possible in the first place.
Your SRC certificate — Approved Security!
In this context, the certification body of SRC was accredited by the German Accreditation Body (DAkkS) according to the requirements of the ISO 17065 standard. The DAkkS as accrediting body and the SRC as certification body are identified by their own logos. The certification of your product/solution includes in particular the impartial and competent proof that these fulfil the requirements according to PSD2. Your customer can find the product name, the fulfilled requirements, the certification body and its basis for accreditation (ISO 17065) on the certificate.