What is PSD2 audit?

With the amendment of the PSD2 Regulation at the end of 2020, Europe is moving to an open banking system with more secure transactions. However, the new regulations require technical changes for fintechs, banks and businesses that use payment data to benefit consumers.

SIQ offers two types of PSD2 audits:

  • Review of security measures according to the requirements of Article 1 of the RTS PSD2
  • TRA revision of transaction monitoring mechanisms for payment service providers

The review of security measures includes:

  • Compliance of the technical controls for strong authentication
  • Compliance of dynamic linking
  • Compliance of the independence of authentication elements

PSD2 TRA revision:

The audit is performed by a certified auditor according to the ISAE 3000 standard and includes:

  • Documentation overview
  • Review of data capture methods and data integrity
  • Review of the algorithm for calculating the risk

Strong customer authentication (SCA) required by PSD2 involves multifactor authentication online to improve security. Many institutions have had difficulty implementing the necessary changes because of the development and implementation of the APIs needed to exchange data with other institutions.

The multifactor authentication involves gathering, securing, and sharing two of the following:

  • Information the cardholder “knows” (PIN, password)
  • Information the cardholder “has” (token sent to mobile phone)
  • Something unique to the cardholder (voice, fingerprint, and other biometrics)

Your successful compliance with PSD2 hinges on connections with other institutions, including fintechs, retailers, and banks. We can review APIs you have put in place or help you fast track the development and implementation of powerful APIs needed to aggregate, encrypt and share account data as required by the law.

Mandatory PSD2 implementation

The TRA audit and the audit of security measures are carried out annually with the assistance of an information security expert.

The TRA audit is performed every 3 years by an independent certified auditor.

SIQ can help you bridge the gap between your current controls and the new standards and assist your business by ensuring that you are following PSD2 technical standards. Our experts will help you understand and meet the requirements of the PSD2 Regulation.