What it means for your organisation
PSD2 has strict security requirements for operational processes, data, and banking interfaces. Organisations have to establish processes to report incidents, and prevent money laundering and fraud.
- Implement security measures
PSD2 goes beyond strong customer authentication (SCA). It requires, for example, adequate access management, encryption, and data protection.
- Obtaining a PSD2 license
Obtaining a PSD2 license is subject to regulator review and may take up to 12 months. Without proper documentation, a PSD2 application will be rejected.
- Regular reporting to regulators
PSD2 regulators continuously audit licensees' adherence to the PSD2 license requirements.
Frameworks
Payment Services Directive 2
- Systematic Integrity Risk Analysis
Perform your mandatory and periodic SIRA and other risk assessments directly in Tidal. Manage changes and control coverage.
- Tidal PSD2 content library
Predefined PSD2 controls, with regulation references, test guidance, prefilled control labels, and suggested evidence.
- Automated evidence collection
Collect data from your IT assets automatically and attach it to the right control activity. Receive an alert when new gaps are identified.
- Periodic control tests
Periodically test for changes in your environment or internal processes and systems so your PSD2 controls are always up to date.
- Monitor PSD2 compliance
One place to keep track of, and report on, the security measures in place, such as encryption and secure authentication.
- Trust reporting
Demonstrate compliance with PSD2 directly from Tidal, to increase trust and shorten due diligence and contracting.