The data security requirements of PSD2 are still evolving and are expected to call for a suite of industry best-practice solutions combining better security with high user satisfaction levels.
According to the European Commission:
The [current] Payment Services Directive (PSD) was adopted in 2007. This legislation provides the legal foundation for an EU single market for payments, to establish safer and more innovative payment services across the EU. The objective is to make cross-border payments as easy, efficient and secure as 'national' payments within a Member State.
Also according to the European Commission:
The Commission proposed to review the PSD to modernise it to take account of new types of payment services, such as payment initiation services ....
[PSD2's] main objectives are to:
To make electronic payments safer and more secure, PSD2 introduces enhanced security measures to be implemented by all payment service providers, including banks. The EBA will develop specific and objective security standards to that end.
PSD2 security directives and regulations are written at a high level, and the detailed implementation is being left to the industry. However, data security regulations related to PSD2 will almost certainly be subject to the same stringency as the General Data Protection Regulation (GDPR).
The inherent data-security challenge industry observers see in PSD2 is that of strengthening security to reduce fraud while not causing too much disruption to the end user experience.
Thales has a comprehensive set of solutions that can help organizations prepare for and comply with PSD2 across all areas where data needs to be protected -- at rest, in motion and in use.
Vormetric Transparent Encryption from Thales provides file and volume level data-at-rest encryption, secure key management and access controls required by regulation and compliance regimes.
Vormetric Tokenization with Dynamic Masking from Thales lets administrators establish policies to return an entire field tokenized or dynamically mask parts of a field. With the solution’s format-preserving tokenization capabilities, managers can restrict access to sensitive assets, yet, at the same time, format the protected data in a way that enables many users to do their jobs.
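As an added illustration of the two behaviours described above (returning a whole field as a format-preserving token, or dynamically masking part of it according to a per-role policy), here is a small self-contained Python example. It is not Vormetric code and makes no claim about the product's API: the vault-based tokenizer, the `POLICY` table, the role names and the sample card number are all constructed for the example.

```python
import secrets

DIGITS = "0123456789"


class FormatPreservingTokenizer:
    """Vault-based, format-preserving tokenizer (illustrative, not a product API).

    A numeric field is replaced by a random digit string of the same length, so
    downstream systems that validate length or type keep working. The mapping
    lives only in the vault, so a token alone reveals nothing about the original.
    """

    def __init__(self):
        self._vault = {}    # token -> original value
        self._reverse = {}  # original value -> token (same input, same token)

    def tokenize(self, value: str) -> str:
        if not value.isdigit():
            raise ValueError("only numeric fields are supported in this example")
        if value in self._reverse:
            return self._reverse[value]
        while True:
            token = "".join(secrets.choice(DIGITS) for _ in value)
            # Reject the (unlikely) identity mapping and any collision in the vault.
            if token != value and token not in self._vault:
                break
        self._vault[token] = value
        self._reverse[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Recover the original; only callers with vault access can do this."""
        return self._vault[token]


# Constructed access policy: role -> how a sensitive field is returned.
# "tokenize" returns the whole field as a token, "mask" shows only the trailing
# digits, "clear" returns the real value. Roles absent from the table are denied.
POLICY = {
    "analyst": {"mode": "tokenize"},
    "support": {"mode": "mask", "show_last": 4},
    "fraud_ops": {"mode": "clear"},
}


def read_field(tokenizer: FormatPreservingTokenizer, value: str, role: str,
               mask_char: str = "X") -> str:
    """Apply the dynamic-masking policy for `role` to a single field value."""
    rule = POLICY.get(role)
    if rule is None:
        raise PermissionError(f"no policy for role {role!r}")
    if rule["mode"] == "tokenize":
        return tokenizer.tokenize(value)
    if rule["mode"] == "mask":
        keep = rule["show_last"]
        return mask_char * (len(value) - keep) + value[-keep:]
    if rule["mode"] == "clear":
        return value
    raise ValueError(f"unknown policy mode {rule['mode']!r}")


if __name__ == "__main__":
    vault = FormatPreservingTokenizer()
    sample_pan = "4111111111111111"  # constructed test card number
    for role in ("analyst", "support", "fraud_ops"):
        print(f"{role:10s} -> {read_field(vault, sample_pan, role)}")
```

The policy table is deny-by-default: a role with no entry raises rather than falling back to cleartext, which is the behaviour a practitioner should expect from any masking layer placed in front of payment data.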
Encryption falls short when defending data, if cyber criminals gain access to the tools for decrypting the data. The Vormetric Data Security Platform from Thales provides the following best practice safeguards:
Vormetric Data Security Intelligence from Thales provides another level of protection from malicious insiders, privileged users, APTs and other attacks that compromise data by delivering the access pattern information that can identify an incident in progress.
Thales High Speed Encryptor (HSE) physical and virtual appliances use strong hardware-based encryption technology to help secure data in motion for business-critical applications, with little to no impact on network performance and bandwidth. The solution features traffic flow security capabilities that completely mask traffic patterns to prevent surreptitious traffic analysis. With this solution, businesses and government agencies can establish secure, affordable, high-performance connectivity.
Designed specifically for payments applications, payShield 9000 from Thales is a proven hardware security module (HSM) that performs tasks such as PIN protection and validation, transaction processing, payment card issuance, and key management. The payShield 9000 design benefits from over 25 years of Thales experience with payment system security. It is a state-of-the-art solution that delivers an ideal combination of security and operational ease.
The GDPR is perhaps the most comprehensive data privacy standard to date. It concerns any organization that processes the personal data of EU citizens, regardless of where the organization is headquartered.
Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for processing, storing and transmitting account data.
Around the world, new data breach notification requirements have emerged following the loss of personal information. They vary by jurisdiction, but almost all include a "safe harbour" clause.
Also known as the Financial Services Modernization Act, the GLBA applies to US financial institutions and governs the secure handling of non-public personal information, including financial records and other personal information.
Potentially the most comprehensive data privacy standard to date, the GDPR concerns all organizations that process the personal data of European Union citizens, regardless of where the organization's headquarters are located.