PSD2 | Regulations for Payment Service Providers
The EU’s Payment Services Directive 2 (PSD2) was established to address several objectives, including standardizing rules around payment services, opening up payment markets to competition, and increasing the protection of consumers and their data.
The regulation applies to payment service providers (PSPs), such as banks, processors, and FinTechs, as well as merchants, and it covers all types of electronic and non-cash payments, including mobile and online payments. It is also important to recognize that it applies to any of these organizations that serve EU citizens, regardless of where they’re based.
The rules include strict security requirements for data protection, secure communication, and device and software integrity, and require that PSPs have mitigation mechanisms in place if the required security measures should fail. To comply with PSD2, PSPs and merchants need to establish stringent mobile app security standards.
Zimperium enables organizations to meet PSD2’s requirements for device and software integrity, secure communication, and data protection. Further, companies can address PSD2’s strong customer authentication requirements, which are vital in mitigating the risk posed by failures elsewhere in the security ecosystem.