The data security requirements of PSD2 are still evolving and are expected to call for a suite of industry best-practice solutions combining better security with high user satisfaction levels.
Thales solutions protect an estimated 80% of global payment transactions worldwide. Thales has a comprehensive set of solutions that can help organizations prepare for and comply with PSD2 across all areas where data needs to be protected -- at rest, in motion and in use, including:
According to the European Commission1:
The [current] Payment Services Directive (PSD) was adopted in 2007. This legislation provides the legal foundation for an EU single market for payments, to establish safer and more innovative payment services across the EU. The objective is to make cross-border payments as easy, efficient and secure as 'national' payments within a Member State.
Also, according to the European Commission2:
The Commission proposed to review the PSD to modernise it to take account of new types of payment services, such as payment initiation services ....
....
[PSD2's] main objectives are to:
....
To make electronic payments safer and more secure, PSD2 introduces enhanced security measures to be implemented by all payment service providers, including banks. The EBA will develop specific and objective security standards to that end.
PSD2 Security directives and regulations are written at a high level and the detailed implementation is being left to the industry. However, data security regulations related to PSD2 will almost certainly be subject to the same stringency as the General Data Protection Regulation (GDPR).
The inherent data-security challenge industry observers see in PSD2 is strengthening security to reduce fraud while not causing too much disruption to the end user experience.
Thales has a comprehensive set of solutions that can help organizations comply with PSD2 across all areas where data needs to be protected -- at rest, in motion and in use.
1 https://ec.europa.eu/commission/presscorner/detail/en/MEMO_15_5793
2 Ibid
Drawing on decades of experience helping banks and financial institutions comply with industry mandates, Thales offers integrated products and services that enable your organization to protect stored cardholder data, encrypt it for transfer, and restrict access on a need-to-know basis. In addition, Thales works closely with partners to offer comprehensive solutions that can reduce the scope of your compliance burden.
Thales offers comprehensive data protection solutions that help organizations protect financial and personal information every step of the way:
The crucial first step in privacy and data protection regulatory compliance is to understand what constitutes sensitive data, where it is stored, and how it is used. If you don't know what sensitive data you have, where it is, and why you have it, you cannot apply effective...
More and more cloud-based services are becoming an integral part of the enterprise, as they lower costs and management overhead while increasing flexibility. Cloud-based authentication services, especially when part of a broader access management service, are no exception, and...
Authentication solutions need to be frictionless. Adopting methods with a higher Authentication Assurance Level and Stronger authentication, can effectively reduce the risk of attacks.Explore authentication technologies to learn:• Selecting authentication methods• Analysis of...
This document provides an overview of how organizations can leverage a mixture of the payShield HSM and Vormetric Data Security Platform solutions to provide complete protection of sensitive data as part of their retail card payment processing activities which are linked to a...
payShield from Thales is the world’s leading payment HSM, helping to secure an estimated 80% of global point of sale (POS) transactions. As the HSM of choice for payment solution providers and payment technology vendors, it delivers proven integration with all of the leading...
Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. However, with today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and...
You’ve been tasked with setting and implementing an enterprise wide encryption strategy, one that will be used to guide and align each Line of Business, Application Owner, Database Administrator and Developer toward achieving the goals and security requirements that you define...
Business critical data is flowing everywhere. The boundaries are long gone. As an enterprise-wide data security expert, you are being asked to protect your organization’s valuable assets by setting and implementing an enterprise-wide encryption strategy.IT security teams are...
Networks are under constant attack and sensitive assets continue to be exposed. More than ever, leveraging encryption is a vital mandate for addressing threats to data as it crosses networks. Thales High Speed Encryption solutions provide customers with a single platform to ...
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.
Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.
