PSD2 Compliance

Thales can help your organization keep sensitive data secure in the PSD2 environment.

The data security requirements of PSD2 are still evolving and are expected to call for a suite of industry best-practice solutions combining better security with high user satisfaction levels.

Thales solutions protect an estimated 80% of global payment transactions worldwide. Thales has a comprehensive set of solutions that can help organizations prepare for and comply with PSD2 across all areas where data needs to be protected -- at rest, in motion and in use, including:

  • Securing all emerging and existing financial transactions, from mobile payments to blockchain
  • Reducing audit scope by protecting personal data with tokenization
  • Ensuring transaction security with the most widely used payment HSMs in the market
  • Automating data protection with centralized policy-based security enforcement
  • Regulation
  • Compliance

EU's Payment Services Directive

According to the European Commission1:

The [current] Payment Services Directive (PSD) was adopted in 2007. This legislation provides the legal foundation for an EU single market for payments, to establish safer and more innovative payment services across the EU. The objective is to make cross-border payments as easy, efficient and secure as 'national' payments within a Member State.


Also, according to the European Commission2:

The Commission proposed to review the PSD to modernise it to take account of new types of payment services, such as payment initiation services ....


[PSD2's] main objectives are to:

  • Contribute to a more integrated and efficient European payments market
  • Improve the level playing field for payment service providers (including new players)
  • Make payments safer and more secure
  • Protect consumers
  • Encourage lower prices for payments


To make electronic payments safer and more secure, PSD2 introduces enhanced security measures to be implemented by all payment service providers, including banks. The EBA will develop specific and objective security standards to that end.

PSD2 Security directives and regulations are written at a high level and the detailed implementation is being left to the industry. However, data security regulations related to PSD2 will almost certainly be subject to the same stringency as the General Data Protection Regulation (GDPR).

The inherent data-security challenge industry observers see in PSD2 is strengthening security to reduce fraud while not causing too much disruption to the end user experience.

Thales has a comprehensive set of solutions that can help organizations comply with PSD2 across all areas where data needs to be protected -- at rest, in motion and in use.

2 Ibid

An integrated compliance solution

Drawing on decades of experience helping banks and financial institutions comply with industry mandates, Thales offers integrated products and services that enable your organization to protect stored cardholder data, encrypt it for transfer, and restrict access on a need-to-know basis. In addition, Thales works closely with partners to offer comprehensive solutions that can reduce the scope of your compliance burden.

Addressing the data-security every step of the way

Thales offers comprehensive data protection solutions that help organizations protect financial and personal information every step of the way:

  • Protect transaction and personal data at rest: Thales’ CipherTrust Manager and Luna Hardware Security Modules (HSMs) enable organizations to centrally manage encryption keys and deliver a variety of encryption, tokenization and data masking solutions to protect transaction and personal data in files, folders, applications, and databases in both traditional and cloud or virtualized environments.
  • Encrypt financial transactions and personal data in motion: Thales High Speed Encryptors (HSE) encrypt all data that traverses open networks (e.g. between point-of-sale devices and systems that process cardholder data).
  • Develop and maintain secure systems and applications: Thales Luna HSMs enable organizations to securely store signing material in a trusted hardware device, thus ensuring the authenticity and integrity of any application code files.
  • Implement strong access control measures: Thales CipherTrust products can be setup for unique, multifactor administrative access to enterprise systems on-premises and in the cloud. In addition, SafeNet Trusted Access enables you to centrally manage unique user identities, risk-based authentication policies, and add/revoke access to systems across hybrid IT.
  • Track and monitor all access to sensitive data: All products in the Thales CipherTrust data protection portfolio produce audit records that log any encryption key lifecycle operations (creation/deletion/rotation/revocation) and other administrative functions that can be used to reconstruct events.

Secure your digital assets, comply with regulatory and industry standards, and protect your organization’s reputation. Learn how Thales can help.

Data Security Compliance and Regulations - eBook

Data Security Compliance and Regulations - eBook

This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.

Thales CipherTrust Data Discovery and Classification

Thales CipherTrust Data Discovery and Classification - Product Brief

The crucial first step in privacy and data protection regulatory compliance is to understand what constitutes sensitive data, where it is stored, and how it is used. If you don't know what sensitive data you have, where it is, and why you have it, you cannot apply effective...

SafeNet Trusted Access - Solution Brief

SafeNet Trusted Access - Solution Brief

More and more cloud-based services are becoming an integral part of the enterprise, as they lower costs and management overhead while increasing flexibility. Cloud-based authentication services, especially when part of a broader access management service, are no exception, and...

Guide to Authentication Technologies - White Paper

A Comprehensive Guide to Authentication Technologies and Methods - White Paper

Authentication solutions need to be frictionless. Adopting methods with a higher Authentication Assurance Level and Stronger authentication, can effectively reduce the risk of attacks. Explore authentication technologies to learn: • Selecting authentication methods • Analysis...

Sensitive Data Protection in the Retail Card Payments Ecosystem - Brochure

Sensitive Data Protection in the Retail Card Payments Ecosystem - Brochure

This document provides an overview of how organizations can leverage a mixture of the payShield HSM and Vormetric Data Security Platform solutions to provide complete protection of sensitive data as part of their retail card payment processing activities which are linked to a...

Transaction processing using payShield HSMs - Brochure

Transaction processing using payShield HSMs - Brochure

payShield from Thales is the world’s leading payment HSM, helping to secure an estimated 80% of global point of sale (POS) transactions. As the HSM of choice for payment solution providers and payment technology vendors, it delivers proven integration with all of the leading...

The Key Pillars for Protecting Sensitive Data in Any Organization - White Paper

The Key Pillars for Protecting Sensitive Data in Any Organization - White Paper

Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. However, with today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and...

The Enterprise Encryption Blueprint - White Paper

The Enterprise Encryption Blueprint - White Paper

You’ve been tasked with setting and implementing an enterprise wide encryption strategy, one that will be used to guide and align each Line of Business, Application Owner, Database Administrator and Developer toward achieving the goals and security requirements that you define...

Unshare and Secure Sensitive Data - Encrypt Everything - eBook

Unshare and Secure Sensitive Data - Encrypt Everything - eBook

Business critical data is flowing everywhere. The boundaries are long gone. As an enterprise-wide data security expert, you are being asked to protect your organization’s valuable assets by setting and implementing an enterprise-wide encryption strategy. IT security teams are...

High Speed Encryption Solutions - Solution Brief

High Speed Encryption Solutions - Solution Brief

Networks are under constant attack and sensitive assets continue to be exposed. More than ever, leveraging encryption is a vital mandate for addressing threats to data as it crosses networks. Thales High Speed Encryption solutions provide customers with a single platform to ...

Other key data protection and security regulations


Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.


Active Now

Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws

Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.