All parties to financial transactions under PSD2, including Account Servicing Payment Service Providers (ASPSPs) and Third-Party Providers (TPPs) will be required to detect and mitigate signs of malware infection in transactions. Malware, particularly of the credential stealing variety, is a significant problem in the realm of financial transactions. The malware detection clause in PSD2 aims to reduce financial transaction risk.
ASPSPs and TPPs will need to deploy anti-malware tools at various points within their architectures to meet this requirement:
- Core banking and transaction processing systems
- Web-based online banking infrastructure
- PSD2 compliant API gateways, based on [Open Banking Project](https://openbanking.atlassian.net/wiki/spaces/DZ/pages/5785171/Account+and+Transaction+API+Specification+-+v1.1.0