Leadership Brief
The Revised Payment Service Directive (PSD2) mandates that banks provide APIs for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs) to use.

1 Recommendations

Banks must prepare for PSD2 by creating APIs for AISPs and PISPs to use. Banks utilize a gamut of IT infrastructure components to provide services today, some of which may not be easily accessible via APIs. Banks should begin a PSD2 readiness program that includes the following steps:

  1. Understand the requisite API calls that will be used by AISPs and PISPs
  2. Identify account holding and transaction servicing systems
  3. Design secure web-tier and intermediate-tier systems for providing PSD2 API support between external AISPs and PISPs and internal infrastructure
  4. Utilize consumer identity and access management solutions for KYC, AML, and strong/risk-adaptive authentication for customers

Financial institutions should ensure that the following security elements are included in the externally facing PSD2 API architecture:

  • Edge Network Security with:
    • DDoS protection
    • Web application firewall
    • Threat detection and prevention
  • Highly available, load-balanced web-tier
  • API gateway for authentication and authorization of AISPs/PISPs, and for request validation
  • CIAM system for consumer identity management, with
    • Adaptive Authentication options including
      • email/phone/SMS OTP
      • Mobile push apps
      • Mobile biometrics
      • User Behavioral Analytics (UBA)
      • USB & software tokens
      • eIDs