Written by Teo Santaguida, Product Owner at XTN Cognitive Security®
The revised Payment Services Directive (PSD2) is a European directive to regulate payment services and payment services providers. The PSD2 initiative revises the previous PSD directive to create a more integrated European payment market, making payments more secure and protecting customers.
PSD2 represents improvements and new challenges for financial institution departments. The main requirements are:
- Open Banking. Banks are required to share account information with third parties (TPP). The aim is to encourage collaboration and access to the market to banks, fintech, and retailers. This measure should increase the number of digital services in the EU market, boost competition, and simplify access for new innovative services to benefit consumers.
- Strong Customer Authentication is one of the main security-focused improvements. It requires payment service providers to strongly authenticate the customer while accessing payment services. Accepted SCA standards are precisely identified and designed to protect the customer.
NEW CHALLENGES FOR ANTI-FRAUD TEAMS
What actions should anti-fraud teams take to comply with the requirements?
- Verify anti-fraud platforms to meet PSD2 requirements. Anti-fraud capabilities and controls should be based on the user behavior analysis paradigm.
- Extend the anti-fraud analysis to the end-point device to secure SCA processes and prevent compromising strong authentication elements.
- Review the risk management framework considering new risk deriving from the Open Banking paradigm. The anti-fraud platform must also evolve to apply a more restrictive policy if third-party integrations generate more risk.
- Support Strong Customer Authentication and dynamic linking (transaction signing), providing SCA exception capabilities to improve digital payments user experience.
- Collect and track all the information needed to support audits and semestral report required by central authorities.
HOW XTN CAN HELP
XTN helps EU payment services providers comply with the regulation, keeping things easy for them and their customers. The XTN Cognitive Security Platform® provides secure and highly integrated SCA capabilities with a smooth user experience and configurable SCA exception management features. The SCA processes are protected at the end-point level by In-App protection, and analysis results are correlated with a more in-depth user behavior analysis engine. A specific dashboard analysis quickly provides the fraud risk level of third parties. The flexibility in managing the anti-fraud policies offers granular control for the riskiest ones.
The platform also provides real-time fraud analysis. It collects and traces every information needed to generate a semestral report required by the EBA Guidelines for the Fraud Reporting, including geo-localization of payment destinations and fraud categories taxonomy.
XTN Cognitive Security Platform® minimizes the effort needed to address PSD2 requirements providing the best-of-breed and fully integrated fraud management platform to support a secure SCA solution.
