But while all of these abbreviations can sound fancy, what actually matters is whether they really work, right? Is your online banking data genuinely safe, or is it all just smoke and mirrors? Let's find out!
How PSD2 Protects Its Customers
First, what is PSD2? PSD2 is an EU directive that was adopted a few years back. It requires financial institutions to give third-party providers (TPPs) that meet PSD2's security requirements access to payment accounts via Application Programming Interfaces (APIs).
How does this directive ensure security? PSD2 requires that:
• Authentication and authorization of TPPs are done in a secure and fraud-resistant way (Strong Customer Authentication, or PSD2 SCA, is used)
• Transaction and data information is encrypted
• Access to bank accounts by TPPs is logged (TPPs must establish the identity of users, perform real-time monitoring for unusual activity, and report breaches)
These requirements are covered in PSD2's Security Requirements, which legislators enforce as part of the legal framework. They also contain other PSD2-related regulations that banks have to follow, e.g. PSD2's governance rules and PSD2's transparency rules.
What Does PSD2 Not Protect Its Customers From?
PSD2 focuses on a lot of things, but it does not focus on whether PSD2 itself is implemented correctly, and incorrect implementation may lead to PSD2-specific vulnerabilities. PSD2 itself is not entirely secure. That is to be expected: PSD2's Security Requirements cover so much ground that it would be quite illogical to expect 100% security when these requirements are taken separately.
What PSD2 does seek to protect its customers from is any TPP that does not follow PSD2's rules. The directive's technical regulations seek to protect customers from third parties that run PSD2-approved services but do not follow PSD2's rules as closely as they should. PSD2 does this by allowing banks to revoke these third-party providers' access to their APIs for compliant accounts and transactions. The directive seeks to ensure PSD2-specific vulnerabilities are not exploited, but it does not seek to protect APIs from being implemented incorrectly.
So, in short, SCA protects against straight-up fraud, but it does not protect against unintentional errors in interpreting the rules that might occur on the developer's end.
Should You Trust Open Banking And PSD2?
In short, we are going to say yes, you absolutely should when it comes to bank data. PSD2 is a very comprehensive directive, covering many aspects of security and governance in the financial sphere. It is considered the gold standard for the global legislation of open banking. PSD2 changes the way banking works quite significantly for its users by opening up new ways to do business with banks and shifting towards a services-based economy. This directive seeks to ensure that your data remains under your control at all times. The enforcement of PSD2's Security Requirements in PSD2-specified ways will ensure the process won't open doors for any entity that might exploit PSD2-specific vulnerabilities.
In the far future, this technology might be outperformed by even more progressive solutions. But as of right now, PSD2 offers security and transparency miles ahead of what we are used to seeing in online banking. Trust it with ease for smarter online banking data protection.