PSD2

PSD2

New requirements - and opportunities - for financial businesses

Since September 2019, companies in the banking and finance sector are subject to the PSD2 directive, which aims to standardise the market, promote technological innovation through increased competition and at the same time strengthen consumer protection. In practice, the directive requires banks to make their APIs open and available, allowing third-party providers to use the banks' infrastructure and customer data, with the customer's consent.

13 %
of the total number of security incidents in 2019 affected companies in the banking and finance sector
81 %
of Swedes have high confidence that their bank protects their sensitive information from misuse and intrusion
75 %
would change their existing bank if it was found to have misused personal data

requirements

What are the security requirements of PSD2?

Framework

Framework for managing operational and security risks, which should be fully integrated into the overall risk management processes

Risk assessment

Risk assessment, including identification and classification of functions, processes and assets, as well as physical security and access control

Security testing

Regular testing of security systems and processes to ensure operations are not exposed to attack surfaces

Continuity

Scenario-based business continuity plans and ongoing business continuity checks

Monitoring

Processes and functions to continuously monitor business functions, transactions and information assets with associated detection measures to identify information leaks, malware, and commonly known vulnerabilities

Contact us

We offer several contact routes and provide feedback as soon as possible. If you have sensitive information, we ask you to use the encrypted method.