The Anti-Malware Requirement in PSD2
The Revised Payment Service Directive (PSD2) mandates that service providers evaluate transaction requests for signs of malware infection. In order for transactions to be considered low-risk, there must be no signs of malware infection in any sessions of authentication events.
All parties to financial transactions under PSD2, including Account Servicing Payment Service Providers (ASPSPs) and Third-Party Providers (TPPs), will be required to detect and mitigate signs of malware infection in transactions. Malware, particularly of the credential-stealing variety, is a significant problem in the realm of financial transactions. The malware detection clause in PSD2 aims to reduce financial transaction risk.
ASPSPs and TPPs will need to deploy anti-malware tools at various points within their architectures to meet this requirement:
- Core banking and transaction processing systems
- Web-based online banking infrastructure
- PSD2-compliant API gateways, based on [Open Banking Project](https://openbanking.atlassian.net/wiki/spaces/DZ/pages/5785171/Account+and+Transaction+API+Specification+-+v1.1.0)