PSD2 And Open Banking

The Secure Communications (SC) Requirement

Another key PSD2 requirement is Secure Communication (SC). PSD2 Qualified Website Authentication Certificates (QWACs) form the highest level of authentication and will be required to secure the Open Banking APIs used for transferring private data when making a payment or transferring money. They are meant to bring greater transparency, accountability and authentication to users in the EU marketplace.

Our QWACs Secure Communication solution enables PSD2 compliance, while providing greater transparency, accountability, and authentication to users in the European Union marketplace.

Establish Trust for Secure Communications

PSD2 requirements expand upon existing verification requirements for third-party providers requiring them to purchase specialty SSL/TLS certificates known as PSD2 QWACs. These certificates provide the highest level of assurance and the most robust foundation of trust available for securing sensitive transactions.

Transaction Monitoring & Fraud Protection

PSD2 mentions the need for transaction monitoring software that analyzes risk as transactions are taking place. Our solutions enable fraud prevention tools with adaptive capabilities. Factors such as payment amounts, known fraud scenarios, payer/payee locations and device reputation are used to allow, challenge or stop transactions.

Encrypt Communications

Strong encryption coupled with high assurance provide third-party service providers and users a high degree of confidence when transferring sensitive data online. The PSD2 QWACs provided by Entrust use: RSA Encryption Algorithm, SHA-2 Hashing Algorithm, and a minimum key size of 2048 bits — all of which meet or exceed the minimum requirements for encrypting online transactions.

Balancing PSD2 Data Sharing Requirements with GDPR Guidelines

These two critical initiatives seem to be at odds. PSD2 advocates for sharing customer data, while GDPR promises severe financial consequences for organizations that violate consumer data privacy regulations. While it seems there will be more direct guidance coming from governing bodies in the future, banks must — for the time being — balance both requirements using their best judgement. This means that banks should avoid a separate or siloed approach to their GDPR and PSD2 implementations. Approach them as a unified initiative and develop a single framework that simultaneously makes customer data available, yet protects that same data from being compromised by hackers. For help with this important balancing act, contact an Entrust trusted identity expert.