PSD2 is a European regulation for electronic payment services. It seeks to make payments more secure, boost innovation by giving third parties access to bank infrastructure, and help banking services adopt new technologies. It distinguishes Payment Initiation Services (PIS) and Account Information Services (AIS).

What it means for your organisation

PSD2 has strict security requirements for operational processes, data, and banking interfaces. Organisations have to establish processes to report incidents, and prevent money laundering and fraud.

Implement security measures

PSD2 goes beyond strong customer authentication (SCA). It requires, for example, adequate access management, encryption, and data protection.

Obtaining a PSD2 license

Obtaining a PSD2 license is subject to regulator review and may take up to 12 months. Without proper documentation, a PSD2 application will be rejected.

Regular reporting to regulators

PSD2 regulators continuously audit the adherence by PSD2 licensees to the PSD2 license requirements.
Tidal Framework image

Continuous PSD2 compliance with Tidal Control

Systematic Integrity Risk Analysis

Perform your mandatory and periodic SIRA and other risk assessments directly in Tidal. Manage changes and control coverage.

Tidal PSD2 content library

Predefined PSD2 controls, with regulation references, test guidance, prefilled control labels, and suggested evidence.

Automated evidence collection

Collect data from your IT assets automatically and attach it to the right control activity. Receive an alert when new gaps are identified.

Periodic control tests

Periodically test for changes in your environment or internal processes and systems so your PSD2 controls are always up to date.

Monitor PSD2 compliance

One place to keep track of - and report on - security measures in place such as encryption and secure authentication.

Trust reporting

Demonstrate compliance with PSD2 directly from Tidal, to increase trust and shorten due diligence and contracting.