PSD2 – revised Payment Services Directive. The European Parliament adopted the revised Directive on Payment Services (or PSD2), and with it the PSD2 reality got a little bit closer. PSD2 has been attracting quite a lot of attention, and in and amongst all of the talk about Directives and European Parliament votes its not always immediately clear what PSD2 actually is.
PSD2 Impact, Real life cases from Slovakia:
Private API interface for bank clients use
An incumbent bank in Slovakia offers a private API to its clients (corporates), where the client uses his own ERP system. E.g. SAP or other type of an ERP. And client`s ERP system is connected to the bank`s private API over a secure https / ssl connection. By logging into his own ERP system the client has access his bank account and can initiate payment transactions by sending digitally signed messages via the bank`s private API.
In this scenario a sever based digital certificate X.509 is issued for the client`s ERP server and all payment transactions initiated by the client and sent from the ERP ssytem are electronically signed by the digital certificate which is linked to a "technical" user (ERP) not to the physical user (client).
Is this scenarion compliant with PSD2 and its SCA requirements?
Online banking over private VPN connection for bank clients
An incumbent bank in Slovakia offers an Online banking application to its clients to access their bank accounts and perform payment transactions. However this online banking application is accessible for the bank clients via a private VPN connection only, there is no access over the Internet, because the client`s computer has to be installed as a VPN endpoint. The bank has a strong SCA user authentication mechanism for this Online banking application, however for payments authorization only the four eyes principle is applied.
Is this case an electronic payment transaction in terms of PSD2 directive or not? Do all SCA requirements and transaction monitoring requirements laid down in PSD2 apply to this case?
➢ Click here: The PSD2 Playbook
➢ Click here: 5 things you need to know about PSD2 payment services directive