Posts

NextGenPSD2 certification

NextGenPSD2 certi­fi­cation | SRC launches audits for XS2A

Are you ready to certify your NextGenPSD2 imple­men­tation?

The revised Payment Services Directive (PSD2) requires banks to allow autho­rized third parties access to customer data. These third party payment service providers (TPP) are to be granted access via a programming interface (XS2A) with the customer’s consent. With this data, TPPs will be able to offer innov­ative payment initi­ation and account infor­mation services. The NextGenPSD2 certi­fi­cation promotes the imple­men­tation of a uniform standard.

Most banks and API providers in Europe implement the XS2A interface using the NextGenPSD2 framework of the Berlin Group. This is an open and Europe-wide harmo­nized solution for imple­menting the PSD2 require­ments for the XS2A interface.

The correct imple­men­tation of the XS2A interface relieves the institute from imple­menting a fallback interface solution. The NextGenPSD2 Imple­men­tation Support Program (NISP) offers the partic­i­pants a testing framework with test concept, test case catalog, compliance best practices and test tool require­ments. The imple­menting institute evaluates its own work. As a result, the imple­men­tation is completed. It remains to be seen if this self-assessment will be considered suffi­cient by the super­visory authority (NCA).

Why should you undergo the NextGenPSD2 certi­fi­cation?

The self-assessment of the NextGenPSD2 imple­men­tation already offers a high level of quality. However, different inter­pre­ta­tions of the speci­fi­cation can lead to inter­op­er­ability problems. There is currently no documented agreement between banks and third-party providers on the exact imple­men­tation of the XS2A interface. This increases the proba­bility that the respon­sible super­visory authority of the banks will refuse the exemption from the imple­men­tation of a fallback interface solution.

SRC has extensive and detailed expertise from its involvement in the speci­fi­cation and imple­men­tation of the XS2A interface as part of NISP. On this basis, we have developed the NextGenPSD2 certi­fi­cation for you.

How does the NextGenPSD2 certi­fi­cation process work?

Require­ments for the NextGenPSD2 certi­fi­cation are the test case catalogue, the imple­men­tation profile and the test speci­fi­cation of the imple­menting institute. SRC uses these require­ments to carry out a complete functional, security and perfor­mance audit of the NextGenPSD2 imple­men­tation.

Audit Validation

During validation, the imple­men­tation is reviewed with respect to the require­ments of the documen­tation.

Functional part

In the functional part, the test speci­fi­ca­tions are executed and the results are verified.

Non-functional part

In the non-functional part, the avail­ability of the imple­men­tation (stress test) is deter­mined and evaluated at relevant points.

Security test

In the security test, methods of penetration testing are used. It is evaluated if the imple­men­tation of the XS2A interface offers suffi­cient protection against fraud attempts on customer data and trans­ac­tions.

The certi­fi­cation is documented in a final report. If all require­ments are at least suffi­ciently fulfilled, the institute receives an SRC certificate. With this certificate, the conformity of the imple­mented XS2A interface can be demon­strated to third parties and the super­visory authority. Based on the first certi­fi­cation, regression audits can be carried out in the future.

SRC consulting services for devel­opment optimization or for creating the test speci­fi­cation can be used to prepare for the NextGenPSD certi­fi­cation.

Why SRC?

As a co-editor of the NextGenPSD2 Framework and the NISP Testing Framework, SRC has a deep under­standing of the NextGenPSD2 standards and all tasks associated with testing. In addition, SRC has many years of experience in devel­oping test environ­ments with many licensed auditors for multiple functional and security evalu­a­tions according to formal certi­fi­cation schemes. As a result, SRC is able to carry out a high-quality audit with manageable effort.

Are you inter­ested in NextGenPSD2 certi­fi­cation? Then please contact us at info@src-gmbh.de.

NextGenPSD2

SRC GmbH hosts the NextGenPSD2 Conference 2017 in Berlin

The NextGenPSD2 standard of the Berlin Group

In the context of the six-week public market consul­tation of the Berlin Group on its NextGenPSD2 standard for account access “Access to Accounts” (XS2A), which enables third parties to access payment accounts within the framework of the provi­sions of the revised EU directive for payment services (PSD2), SRC GmbH is also hosting a NextGenPSD2 conference. This will take place on October 25, 2017 in Deutsche Bank’s Atrium in Berlin. The conference offers a detailed program that shows how NextGenPSD2 builds a bridge into the banking system and reduces the complexity of the revised Payment Services Directive (PSD2) and the require­ments for access to accounts (XS2A). It also highlights how Third Party Payment Service Providers (TPPs) can provide innov­ative solutions for customers using modern appli­cation programming inter­faces (APIs) for secure access to bank accounts.

Change in payment trans­ac­tions

The conference offers experi­enced specialists, devel­opers, FinTechs, banks, processors and other experts involved in the PSD2 standard an excellent oppor­tunity to learn in detail how NextGenPSD2 will change daily payment trans­ac­tions in the coming years. A variety of policy insiders, experts and stake­holders will provide infor­mation on the background, goals and details of the open and collab­o­rative NextGenPSD2 XS2A API standard. Accord­ingly, the meeting offers a great oppor­tunity for a compre­hensive expla­nation of the topic and to clarify open questions. The conference will also be honoured with an insightful keynote opening speech by the European Central Bank and offers several panel discus­sions with banks, regulators, FinTechs and consumer organ­i­sa­tions.

Networking in Microsoft Lounge and Digital Eatery

The conference also offers excep­tional networking oppor­tu­nities: On the evening of 24 October 2017 (from 6 p.m.), the Microsoft Lounge and Digital Eatery will open their doors to the partic­i­pants and provide access to a get-together event with delicious cuisine and refreshing drinks at no extra cost.