Leadership Brief

The Anti-Malware Requirement in PSD2

The Revised Payment Service Directive (PSD2) mandates that service providers evaluate transaction requests for signs of malware infection. In order for transactions to be considered low-risk, there must be no signs of malware infection in any sessions of authentication events.

John Tolbert


1 Recommendations

All parties to financial transactions under PSD2, including Account Servicing Payment Service Providers (ASPSPs) and Third-Party Providers (TPPs) will be required to detect and mitigate signs of malware infection in transactions. Malware, particularly of the credential stealing variety, is a significant problem in the realm of financial transactions. The malware detection clause in PSD2 aims to reduce financial transaction risk.

ASPSPs and TPPs will need to deploy anti-malware tools at various points within their architectures to meet this requirement:

Continue reading...
Read the full report and get access to KuppingerCole Research for 4 weeks.
Start Your Free Trial
Already a subscriber? Click here to login.