Javite nam se
KONTAKTIRAJTE NAS
Dot.Bit d.o.o.
Adresa
Stubička ulica 48a
10110 Zagreb
Email: info@dotbit.eu
The Second Payment Services Directive
The second Payment Services Directive applies to all entities which provide payment services within the European Union;
Where
Who and what
Banks are mandated to provide the PSPs access to their customers’ accounts through opening their APIs allowing them to build customised payment services on top of banks’ data and infrastructure.
PSPs will have to comply with the regulatory requirements under PSD2 and potentially apply for a license under the PSD2 in order to keep their business compliant. The PSD2 licensee is allowed to passport this licence to other EU/EEA member states (single licence regime), which allows them to provide their services in those countries.
When
PSD2 compliance is an ongoing process and requires PSPs to establish a formal governance process by introducing an effective operational and security risk management framework for the provision of payment services. Identification and control of risks is of essence and in this context, Article 95 of the PSD2 requires PSPs to conduct an updated and comprehensive assessment of operational and security risks and the adequacy of the mitigation measures at least on a yearly basis.
We will help PSPs in establishing this framework and propose security measures to mitigate operational and security risks which should be fully integrated into the Third Party Provider’s (TPP) overall risk management processes which includes setting up comprehensive security policies setting the risk appetite of the TPP, its security objectives and measures; risk management policies and procedures, as well as the necessary procedures and systems to identify, measure, monitor and manage the range of risks.
To mitigate any issues related to business supporting IT services, and as required by Article 3 of the PSD2 RTS, we shall perform in-depth security audits against the RTS. For this purpose, we have developed a technical guidance framework which enables us to easily assess the any system and pinpoint exact technical gaps in your IT environment.
Our technical consultancy and advisory services provide straightforward PSD2 scoping, testing the required security controls, such as penetration tests, vulnerability scans, application security tests, up to providing technical guidance on mitigating any found issues on any part of the payment transaction processing system, may it be back-end, authorisation, fraud monitoring, web application or mobile application frontend.
Subscribe to dot.bit newsletter and keep track of the latest news and new solutions!