7 PSD2 questions every CISO should be prepared to answer

The EU's recently updated Payment Services Directive has several requirements that affect security, such as stronger authentication for online payments.

The revised Payment Services Directive (PSD2) came into effect in the European Union last year, adding new requirements for financial institutions, payment services providers and merchants who do business in the shared market. But it could also have an impact on businesses based outside the EU, so here are five questions that every CISO should be able to answer about this law.

1. What is the PSD2?

The PSD2 is legislation that regulates the payment services market across the European Economic Area (EEA: the EU member states plus Iceland, Liechtenstein and Norway). It was adopted by the European Parliament in 2015 and went into effect in September 2019, though the enforcement of new transaction security requirements has been delayed.

The legislation is an overhaul of the original 2007 Payment Services Directive. Its goals are to reduce online card fraud by enforcing stricter transaction authentication requirements; to regulate the FinTech industry and make the payments market more competitive by forcing banks to share customer account data; and to increase consumer protections by reducing consumers' liability for unauthorized payments. It also forces member states to designate national authorities that will handle complaints related to payment services.

2. Does the PSD2 impact your company?
