PSD2 is a European regulation for electronic payment services. It seeks to make payments more secure, boost innovation by giving third parties access to bank infrastructure, and help banking services adopt new technologies. It distinguishes between Payment Initiation Services (PIS) and Account Information Services (AIS).
What it means for your organisation
PSD2 has strict security requirements for operational processes, data, and banking interfaces. Organisations have to establish processes to report incidents and to prevent money laundering and fraud.
Implement security measures
- PSD2 goes beyond strong customer authentication (SCA). It requires, for example, adequate access management, encryption, and data protection.
Obtaining a PSD2 license
- Obtaining a PSD2 license is subject to regulator review and may take up to 12 months. Without proper documentation, a PSD2 application will be rejected.
Regular reporting to regulators
- PSD2 regulators continuously audit licensees' adherence to the PSD2 license requirements.
Continuous PSD2 compliance with Tidal Control
Systematic Integrity Risk Analysis
- Perform your mandatory and periodic SIRA and other risk assessments directly in Tidal. Manage changes and control coverage.
Tidal PSD2 content library
- Predefined PSD2 controls, with regulation references, test guidance, prefilled control labels, and suggested evidence.
Automated evidence collection
- Collect data from your IT assets automatically and attach it to the right control activity. Receive an alert when new gaps are identified.
Periodic control tests
- Periodically test for changes in your environment or internal processes and systems so your PSD2 controls are always up to date.
Monitor PSD2 compliance
- One place to keep track of, and report on, the security measures in place, such as encryption and secure authentication.
- Demonstrate compliance with PSD2 directly from Tidal, to increase trust and shorten due diligence and contracting.